NIST 800-53 IA-2 Mappings

Organizations can satisfy the identification and authentication requirements by complying with the requirements in HSPD 12. Organizational users include employees or individuals who organizations consider to have an equivalent status to employees (e.g., contractors and guest researchers). Unique identification and authentication of users applies to all accesses other than those that are explicitly identified in AC-14 and that occur through the authorized use of group authenticators without individual authentication. Since processes execute on behalf of groups and roles, organizations may require unique identification of individuals in group accounts or for detailed accountability of individual activity.

Organizations employ passwords, physical authenticators, or biometrics to authenticate user identities or, in the case of multi-factor authentication, some combination thereof. Access to organizational systems is defined as either local access or network access. Local access is any access to organizational systems by users or processes acting on behalf of users, where access is obtained through direct connections without the use of networks. Network access is access to organizational systems by users (or processes acting on behalf of users) where access is obtained through network connections (i.e., nonlocal accesses). Remote access is a type of network access that involves communication through external networks. Internal networks include local area networks and wide area networks.

The use of encrypted virtual private networks for network connections between organization-controlled endpoints and non-organization-controlled endpoints may be treated as internal networks with respect to protecting the confidentiality and integrity of information traversing the network. Identification and authentication requirements for non-organizational users are described in IA-8.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
IA-2 Identification and Authentication (organizational Users) Protects T1003 OS Credential Dumping
IA-2 Identification and Authentication (organizational Users) Protects T1003.001 LSASS Memory
IA-2 Identification and Authentication (organizational Users) Protects T1003.002 Security Account Manager
IA-2 Identification and Authentication (organizational Users) Protects T1003.003 NTDS
IA-2 Identification and Authentication (organizational Users) Protects T1003.004 LSA Secrets
IA-2 Identification and Authentication (organizational Users) Protects T1003.005 Cached Domain Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1003.006 DCSync
IA-2 Identification and Authentication (organizational Users) Protects T1003.007 Proc Filesystem
IA-2 Identification and Authentication (organizational Users) Protects T1003.008 /etc/passwd and /etc/shadow
IA-2 Identification and Authentication (organizational Users) Protects T1021 Remote Services
IA-2 Identification and Authentication (organizational Users) Protects T1021.001 Remote Desktop Protocol
IA-2 Identification and Authentication (organizational Users) Protects T1021.002 SMB/Windows Admin Shares
IA-2 Identification and Authentication (organizational Users) Protects T1021.003 Distributed Component Object Model
IA-2 Identification and Authentication (organizational Users) Protects T1021.004 SSH
IA-2 Identification and Authentication (organizational Users) Protects T1021.005 VNC
IA-2 Identification and Authentication (organizational Users) Protects T1021.006 Windows Remote Management
IA-2 Identification and Authentication (organizational Users) Protects T1040 Network Sniffing
IA-2 Identification and Authentication (organizational Users) Protects T1047 Windows Management Instrumentation
IA-2 Identification and Authentication (organizational Users) Protects T1053 Scheduled Task/Job
IA-2 Identification and Authentication (organizational Users) Protects T1053.001 At (Linux)
IA-2 Identification and Authentication (organizational Users) Protects T1053.002 At (Windows)
IA-2 Identification and Authentication (organizational Users) Protects T1053.003 Cron
IA-2 Identification and Authentication (organizational Users) Protects T1053.004 Launchd
IA-2 Identification and Authentication (organizational Users) Protects T1053.005 Scheduled Task
IA-2 Identification and Authentication (organizational Users) Protects T1053.006 Systemd Timers
IA-2 Identification and Authentication (organizational Users) Protects T1055 Process Injection
IA-2 Identification and Authentication (organizational Users) Protects T1055.008 Ptrace System Calls
IA-2 Identification and Authentication (organizational Users) Protects T1056.003 Web Portal Capture
IA-2 Identification and Authentication (organizational Users) Protects T1059 Command and Scripting Interpreter
IA-2 Identification and Authentication (organizational Users) Protects T1059.001 PowerShell
IA-2 Identification and Authentication (organizational Users) Protects T1059.008 Network Device CLI
IA-2 Identification and Authentication (organizational Users) Protects T1072 Software Deployment Tools
IA-2 Identification and Authentication (organizational Users) Protects T1078 Valid Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.002 Domain Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.003 Local Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.004 Cloud Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1087.004 Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1098 Account Manipulation
IA-2 Identification and Authentication (organizational Users) Protects T1098.001 Additional Cloud Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1098.002 Exchange Email Delegate Permissions
IA-2 Identification and Authentication (organizational Users) Protects T1098.003 Add Office 365 Global Administrator Role
IA-2 Identification and Authentication (organizational Users) Protects T1110 Brute Force
IA-2 Identification and Authentication (organizational Users) Protects T1110.001 Password Guessing
IA-2 Identification and Authentication (organizational Users) Protects T1110.002 Password Cracking
IA-2 Identification and Authentication (organizational Users) Protects T1110.003 Password Spraying
IA-2 Identification and Authentication (organizational Users) Protects T1110.004 Credential Stuffing
IA-2 Identification and Authentication (organizational Users) Protects T1111 Two-Factor Authentication Interception
IA-2 Identification and Authentication (organizational Users) Protects T1114 Email Collection
IA-2 Identification and Authentication (organizational Users) Protects T1114.002 Remote Email Collection
IA-2 Identification and Authentication (organizational Users) Protects T1133 External Remote Services
IA-2 Identification and Authentication (organizational Users) Protects T1134 Access Token Manipulation
IA-2 Identification and Authentication (organizational Users) Protects T1134.001 Token Impersonation/Theft
IA-2 Identification and Authentication (organizational Users) Protects T1134.002 Create Process with Token
IA-2 Identification and Authentication (organizational Users) Protects T1134.003 Make and Impersonate Token
IA-2 Identification and Authentication (organizational Users) Protects T1136 Create Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.001 Local Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.002 Domain Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.003 Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1185 Man in the Browser
IA-2 Identification and Authentication (organizational Users) Protects T1190 Exploit Public-Facing Application
IA-2 Identification and Authentication (organizational Users) Protects T1197 BITS Jobs
IA-2 Identification and Authentication (organizational Users) Protects T1210 Exploitation of Remote Services
IA-2 Identification and Authentication (organizational Users) Protects T1213 Data from Information Repositories
IA-2 Identification and Authentication (organizational Users) Protects T1213.001 Confluence
IA-2 Identification and Authentication (organizational Users) Protects T1213.002 Sharepoint
IA-2 Identification and Authentication (organizational Users) Protects T1218 Signed Binary Proxy Execution
IA-2 Identification and Authentication (organizational Users) Protects T1218.007 Msiexec
IA-2 Identification and Authentication (organizational Users) Protects T1222 File and Directory Permissions Modification
IA-2 Identification and Authentication (organizational Users) Protects T1222.001 Windows File and Directory Permissions Modification
IA-2 Identification and Authentication (organizational Users) Protects T1222.002 Linux and Mac File and Directory Permissions Modification
IA-2 Identification and Authentication (organizational Users) Protects T1484 Domain Policy Modification
IA-2 Identification and Authentication (organizational Users) Protects T1489 Service Stop
IA-2 Identification and Authentication (organizational Users) Protects T1495 Firmware Corruption
IA-2 Identification and Authentication (organizational Users) Protects T1505 Server Software Component
IA-2 Identification and Authentication (organizational Users) Protects T1505.001 SQL Stored Procedures
IA-2 Identification and Authentication (organizational Users) Protects T1505.002 Transport Agent
IA-2 Identification and Authentication (organizational Users) Protects T1525 Implant Container Image
IA-2 Identification and Authentication (organizational Users) Protects T1528 Steal Application Access Token
IA-2 Identification and Authentication (organizational Users) Protects T1530 Data from Cloud Storage Object
IA-2 Identification and Authentication (organizational Users) Protects T1537 Transfer Data to Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1538 Cloud Service Dashboard
IA-2 Identification and Authentication (organizational Users) Protects T1539 Steal Web Session Cookie
IA-2 Identification and Authentication (organizational Users) Protects T1542 Pre-OS Boot
IA-2 Identification and Authentication (organizational Users) Protects T1542.001 System Firmware
IA-2 Identification and Authentication (organizational Users) Protects T1542.003 Bootkit
IA-2 Identification and Authentication (organizational Users) Protects T1542.005 TFTP Boot
IA-2 Identification and Authentication (organizational Users) Protects T1543 Create or Modify System Process
IA-2 Identification and Authentication (organizational Users) Protects T1543.001 Launch Agent
IA-2 Identification and Authentication (organizational Users) Protects T1543.002 Systemd Service
IA-2 Identification and Authentication (organizational Users) Protects T1543.003 Windows Service
IA-2 Identification and Authentication (organizational Users) Protects T1543.004 Launch Daemon
IA-2 Identification and Authentication (organizational Users) Protects T1546.003 Windows Management Instrumentation Event Subscription
IA-2 Identification and Authentication (organizational Users) Protects T1547.004 Winlogon Helper DLL
IA-2 Identification and Authentication (organizational Users) Protects T1547.006 Kernel Modules and Extensions
IA-2 Identification and Authentication (organizational Users) Protects T1547.009 Shortcut Modification
IA-2 Identification and Authentication (organizational Users) Protects T1547.012 Print Processors
IA-2 Identification and Authentication (organizational Users) Protects T1548 Abuse Elevation Control Mechanism
IA-2 Identification and Authentication (organizational Users) Protects T1548.002 Bypass User Account Control
IA-2 Identification and Authentication (organizational Users) Protects T1548.003 Sudo and Sudo Caching
IA-2 Identification and Authentication (organizational Users) Protects T1550 Use Alternate Authentication Material
IA-2 Identification and Authentication (organizational Users) Protects T1550.002 Pass the Hash
IA-2 Identification and Authentication (organizational Users) Protects T1550.003 Pass the Ticket
IA-2 Identification and Authentication (organizational Users) Protects T1552 Unsecured Credentials
IA-2 Identification and Authentication (organizational Users) Protects T1552.001 Credentials In Files
IA-2 Identification and Authentication (organizational Users) Protects T1552.002 Credentials in Registry
IA-2 Identification and Authentication (organizational Users) Protects T1552.004 Private Keys
IA-2 Identification and Authentication (organizational Users) Protects T1552.006 Group Policy Preferences
IA-2 Identification and Authentication (organizational Users) Protects T1556 Modify Authentication Process
IA-2 Identification and Authentication (organizational Users) Protects T1556.001 Domain Controller Authentication
IA-2 Identification and Authentication (organizational Users) Protects T1556.003 Pluggable Authentication Modules
IA-2 Identification and Authentication (organizational Users) Protects T1556.004 Network Device Authentication
IA-2 Identification and Authentication (organizational Users) Protects T1558 Steal or Forge Kerberos Tickets
IA-2 Identification and Authentication (organizational Users) Protects T1558.001 Golden Ticket
IA-2 Identification and Authentication (organizational Users) Protects T1558.002 Silver Ticket
IA-2 Identification and Authentication (organizational Users) Protects T1558.003 Kerberoasting
IA-2 Identification and Authentication (organizational Users) Protects T1558.004 AS-REP Roasting
IA-2 Identification and Authentication (organizational Users) Protects T1559 Inter-Process Communication
IA-2 Identification and Authentication (organizational Users) Protects T1559.001 Component Object Model
IA-2 Identification and Authentication (organizational Users) Protects T1562 Impair Defenses
IA-2 Identification and Authentication (organizational Users) Protects T1562.001 Disable or Modify Tools
IA-2 Identification and Authentication (organizational Users) Protects T1562.002 Disable Windows Event Logging
IA-2 Identification and Authentication (organizational Users) Protects T1562.004 Disable or Modify System Firewall
IA-2 Identification and Authentication (organizational Users) Protects T1562.006 Indicator Blocking
IA-2 Identification and Authentication (organizational Users) Protects T1562.007 Disable or Modify Cloud Firewall
IA-2 Identification and Authentication (organizational Users) Protects T1562.008 Disable Cloud Logs
IA-2 Identification and Authentication (organizational Users) Protects T1563 Remote Service Session Hijacking
IA-2 Identification and Authentication (organizational Users) Protects T1563.001 SSH Hijacking
IA-2 Identification and Authentication (organizational Users) Protects T1563.002 RDP Hijacking
IA-2 Identification and Authentication (organizational Users) Protects T1569 System Services
IA-2 Identification and Authentication (organizational Users) Protects T1569.001 Launchctl
IA-2 Identification and Authentication (organizational Users) Protects T1569.002 Service Execution
IA-2 Identification and Authentication (organizational Users) Protects T1574 Hijack Execution Flow
IA-2 Identification and Authentication (organizational Users) Protects T1574.005 Executable Installer File Permissions Weakness
IA-2 Identification and Authentication (organizational Users) Protects T1574.010 Services File Permissions Weakness
IA-2 Identification and Authentication (organizational Users) Protects T1574.012 COR_PROFILER
IA-2 Identification and Authentication (organizational Users) Protects T1578 Modify Cloud Compute Infrastructure
IA-2 Identification and Authentication (organizational Users) Protects T1578.001 Create Snapshot
IA-2 Identification and Authentication (organizational Users) Protects T1578.002 Create Cloud Instance
IA-2 Identification and Authentication (organizational Users) Protects T1578.003 Delete Cloud Instance
IA-2 Identification and Authentication (organizational Users) Protects T1580 Cloud Infrastructure Discovery
IA-2 Identification and Authentication (organizational Users) Protects T1599 Network Boundary Bridging
IA-2 Identification and Authentication (organizational Users) Protects T1599.001 Network Address Translation Traversal
IA-2 Identification and Authentication (organizational Users) Protects T1601 Modify System Image
IA-2 Identification and Authentication (organizational Users) Protects T1601.001 Patch System Image
IA-2 Identification and Authentication (organizational Users) Protects T1601.002 Downgrade System Image