NIST 800-53 IA-5 Mappings

Authenticators include passwords, cryptographic devices, biometrics, certificates, one-time password devices, and ID badges. Device authenticators include certificates and passwords. Initial authenticator content is the actual content of the authenticator (e.g., the initial password). In contrast, the requirements for authenticator content contain specific criteria or characteristics (e.g., minimum password length). Developers may deliver system components with factory default authentication credentials (i.e., passwords) to allow for initial installation and configuration. Default authentication credentials are often well known, easily discoverable, and present a significant risk. The requirement to protect individual authenticators may be implemented via control PL-04 or PS-06 for authenticators in the possession of individuals and by controls AC-03, AC-06, and SC-28 for authenticators stored in organizational systems, including passwords stored in hashed or encrypted formats or files containing encrypted or hashed passwords accessible with administrator privileges.

Systems support authenticator management by organization-defined settings and restrictions for various authenticator characteristics (e.g., minimum password length, validation time window for time synchronous one-time tokens, and number of allowed rejections during the verification stage of biometric authentication). Actions can be taken to safeguard individual authenticators, including maintaining possession of authenticators, not sharing authenticators with others, and immediately reporting lost, stolen, or compromised authenticators. Authenticator management includes issuing and revoking authenticators for temporary access when no longer needed.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| IA-5 | Authenticator Management | Protects | T1003 | OS Credential Dumping |
| IA-5 | Authenticator Management | Protects | T1003.001 | LSASS Memory |
| IA-5 | Authenticator Management | Protects | T1003.002 | Security Account Manager |
| IA-5 | Authenticator Management | Protects | T1003.003 | NTDS |
| IA-5 | Authenticator Management | Protects | T1003.004 | LSA Secrets |
| IA-5 | Authenticator Management | Protects | T1003.005 | Cached Domain Credentials |
| IA-5 | Authenticator Management | Protects | T1003.006 | DCSync |
| IA-5 | Authenticator Management | Protects | T1003.007 | Proc Filesystem |
| IA-5 | Authenticator Management | Protects | T1003.008 | /etc/passwd and /etc/shadow |
| IA-5 | Authenticator Management | Protects | T1021 | Remote Services |
| IA-5 | Authenticator Management | Protects | T1021.001 | Remote Desktop Protocol |
| IA-5 | Authenticator Management | Protects | T1021.004 | SSH |
| IA-5 | Authenticator Management | Protects | T1040 | Network Sniffing |
| IA-5 | Authenticator Management | Protects | T1072 | Software Deployment Tools |
| IA-5 | Authenticator Management | Protects | T1078 | Valid Accounts |
| IA-5 | Authenticator Management | Protects | T1078.002 | Domain Accounts |
| IA-5 | Authenticator Management | Protects | T1078.004 | Cloud Accounts |
| IA-5 | Authenticator Management | Protects | T1098.001 | Additional Cloud Credentials |
| IA-5 | Authenticator Management | Protects | T1098.002 | Exchange Email Delegate Permissions |
| IA-5 | Authenticator Management | Protects | T1098.003 | Add Office 365 Global Administrator Role |
| IA-5 | Authenticator Management | Protects | T1110 | Brute Force |
| IA-5 | Authenticator Management | Protects | T1110.001 | Password Guessing |
| IA-5 | Authenticator Management | Protects | T1110.002 | Password Cracking |
| IA-5 | Authenticator Management | Protects | T1110.003 | Password Spraying |
| IA-5 | Authenticator Management | Protects | T1110.004 | Credential Stuffing |
| IA-5 | Authenticator Management | Protects | T1111 | Two-Factor Authentication Interception |
| IA-5 | Authenticator Management | Protects | T1114 | Email Collection |
| IA-5 | Authenticator Management | Protects | T1114.002 | Remote Email Collection |
| IA-5 | Authenticator Management | Protects | T1133 | External Remote Services |
| IA-5 | Authenticator Management | Protects | T1136 | Create Account |
| IA-5 | Authenticator Management | Protects | T1136.001 | Local Account |
| IA-5 | Authenticator Management | Protects | T1136.002 | Domain Account |
| IA-5 | Authenticator Management | Protects | T1136.003 | Cloud Account |
| IA-5 | Authenticator Management | Protects | T1528 | Steal Application Access Token |
| IA-5 | Authenticator Management | Protects | T1530 | Data from Cloud Storage Object |
| IA-5 | Authenticator Management | Protects | T1539 | Steal Web Session Cookie |
| IA-5 | Authenticator Management | Protects | T1550.003 | Pass the Ticket |
| IA-5 | Authenticator Management | Protects | T1552 | Unsecured Credentials |
| IA-5 | Authenticator Management | Protects | T1552.001 | Credentials In Files |
| IA-5 | Authenticator Management | Protects | T1552.002 | Credentials in Registry |
| IA-5 | Authenticator Management | Protects | T1552.004 | Private Keys |
| IA-5 | Authenticator Management | Protects | T1552.006 | Group Policy Preferences |
| IA-5 | Authenticator Management | Protects | T1555 | Credentials from Password Stores |
| IA-5 | Authenticator Management | Protects | T1555.001 | Keychain |
| IA-5 | Authenticator Management | Protects | T1555.002 | Securityd Memory |
| IA-5 | Authenticator Management | Protects | T1556 | Modify Authentication Process |
| IA-5 | Authenticator Management | Protects | T1556.001 | Domain Controller Authentication |
| IA-5 | Authenticator Management | Protects | T1556.003 | Pluggable Authentication Modules |
| IA-5 | Authenticator Management | Protects | T1556.004 | Network Device Authentication |
| IA-5 | Authenticator Management | Protects | T1558 | Steal or Forge Kerberos Tickets |
| IA-5 | Authenticator Management | Protects | T1558.001 | Golden Ticket |
| IA-5 | Authenticator Management | Protects | T1558.002 | Silver Ticket |
| IA-5 | Authenticator Management | Protects | T1558.003 | Kerberoasting |
| IA-5 | Authenticator Management | Protects | T1558.004 | AS-REP Roasting |
| IA-5 | Authenticator Management | Protects | T1563.001 | SSH Hijacking |
| IA-5 | Authenticator Management | Protects | T1599 | Network Boundary Bridging |
| IA-5 | Authenticator Management | Protects | T1599.001 | Network Address Translation Traversal |
| IA-5 | Authenticator Management | Protects | T1601 | Modify System Image |
| IA-5 | Authenticator Management | Protects | T1601.001 | Patch System Image |
| IA-5 | Authenticator Management | Protects | T1601.002 | Downgrade System Image |