Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access.
Core / Ccc / Controls / DEV
Implement Multi-factor Authentication (MFA) for Access
CCC.Core.CN03 · Access
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
| CCC.Core.CP29 | Active Ingestion | While running, the service itself can fetch or reach out to some other service or external source to get data, inputs or commands for the service to process or operate on. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.Core.CN03.AR01 | When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors for authentication. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN03.AR02 | When an entity attempts to modify the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN03.AR03 | When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple identifying factors from the user. | tlp-amber, tlp-red |
| CCC.Core.CN03.AR04 | When an entity attempts to view information on the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter. | tlp-amber, tlp-red |
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| CCM | IAM-14 | Strong Authentication (Define, implement and evaluate processes - including MFA) |