CCC.Core.C03: Implement Multi-factor Authentication (MFA) for Access

Control ID: CCC.Core.C03
Title: Implement Multi-factor Authentication (MFA) for Access
Objective: Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access.
Control Family: Identity and Access Management

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Core.TH01 | Access Control is Misconfigured | Misconfigured access controls may grant excessive privileges or fail to restrict unauthorized access to the service and its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 0 |

Related Capabilities

| ID | Title | Description |
|---|---|---|
| CCC.Core.F06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |

Guideline Mappings

| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| NIST-CSF | PR.AC-7 | 0 | - |
| CCM | IAM-03 | 0 | - |
| CCM | IAM-08 | 0 | - |
| ISO_27001 | 2013 A.9.4.2 | 0 | - |
| NIST_800_53 | IA-2 | 0 | - |

Assessment Requirements

| ID | Description | Applicability |
|---|---|---|
| CCC.Core.C03.TR01 | When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors for authentication. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C03.TR02 | When an entity attempts to modify the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.C03.TR03 | When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple identifying factors from the user. | tlp-amber, tlp-red |
| CCC.Core.C03.TR04 | When an entity attempts to view information on the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter. | tlp-amber, tlp-red |