Human User Authentication

From attackics
Revision as of 15:58, 12 April 2021 by Jsteele (talk | contribs) (Text replacement - "{{LinkByID|M10" to "{{LinkByID|M09")
Mitigation
ID: M0804
NIST SP 800-53 Rev. 4: IA-2
IEC 62443-3-3:2013: SR 1.1
IEC 62443-4-2:2019: CR 1.1

Description

Require user authentication before allowing access to data or accepting commands to a device. While strong multi-factor authentication is preferable, it is not always feasible within ICS environments. Performing strong user authentication also requires additional security controls and processes which are often the target of related adversarial techniques (e.g., Valid Accounts, Default Credentials). Therefore, associated ATT&CK mitigations should be considered in addition to this, including Multi-factor Authentication, Account Use Policies, Password Policies, User Account Management, Privileged Account Management, and User Account Control.


Techniques Addressed by Mitigation

| Name | Use |
|---|---|
| Activate Firmware Update Mode | Devices that allow remote management of firmware should require authentication before allowing any changes. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Change Operating Mode | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Commonly Used Port | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Data Historian Compromise | All remote services should require strong authentication before providing user access. |
| Detect Operating Mode | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Device Restart/Shutdown | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Execution through API | All APIs on remote systems or local processes should require the authentication of users before executing any code or system changes. |
| Modify Alarm Settings | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Module Firmware | Devices that allow remote management of firmware should require authentication before allowing any changes. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Point & Tag Identification | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Program Download | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Program Upload | All field controllers should require users to authenticate for all remote or local management sessions. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |
| Remote Services | All remote services should require strong authentication before providing user access. |
| System Firmware | Devices that allow remote management of firmware should require authentication before allowing any changes. The authentication mechanisms should also support Account Use Policies, Password Policies, and User Account Management. |