NIST 800-53 IA-06 Mappings

Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
IA-06 Authentication Feedback Protects T1021.005 VNC
IA-06 Authentication Feedback Protects T1563 Remote Service Session Hijacking
IA-06 Authentication Feedback Protects T1578.001 Create Snapshot
IA-06 Authentication Feedback Protects T1578.002 Create Cloud Instance
IA-06 Authentication Feedback Protects T1578.003 Delete Cloud Instance
IA-06 Authentication Feedback Protects T1530 Data from Cloud Storage
IA-06 Authentication Feedback Protects T1021.001 Remote Desktop Protocol
IA-06 Authentication Feedback Protects T1578 Modify Cloud Compute Infrastructure