PR.AA-03—Users, services, and hardware are authenticated
>Control Description
This identity management, authentication, and access control subcategory ensures that users, services, and hardware are authenticated. Key activities include: Require multifactor authentication; Enforce policies for the minimum strength of passwords, PINs, and similar authenticators; Periodically reauthenticate users, services, and hardware based on risk (e.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkPCI DSS v4.0.1
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
DCS-08
IAM-01
IAM-02
IAM-14
IAM-16
IVS-03
UEM-05
UEM-06
+1 more
CRI Profile v2.0
PR.AA-03
PR.AA-03.01
PR.AA-03.02
PR.AA-03.03
CSF v1.1
PR.AC-3
PR.AC-7
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.15
Annex A Controls: 5.16
Annex A Controls: 5.17
Annex A Controls: 5.18
Annex A Controls: 8.5
NICE Framework
DD-WRL-001
IO-WRL-002
IO-WRL-003
IO-WRL-005
OG-WRL-013
OG-WRL-014
PD-WRL-004
PCI DSS
8.3.1
8.3.6
8.3.7
8.3.8
8.3.9
8.2.8
9.2.4
2.2.2
+4 more
SCF
IAC-01.2
IAC-02
IAC-03
IAC-04
IAC-05
SP 800-171 Rev 3
03.01.11
03.05.01
03.05.02
03.05.03
03.05.04
03.05.07
03.05.12
SP 800-218
PO.5.2
SP 800-53 Rev 5.1.1
AC-07
AC-12
IA-02
IA-03
IA-05
IA-07
IA-08
IA-09
+2 more
SP 800-53 Rev 5.2.0
AC-07
AC-12
IA-02
IA-03
IA-05
IA-07
IA-08
IA-09
+2 more
Ask AI
Configure your API key to use AI features.