Require equipment identity
Summary
A system with critical information must require the identification of the equipment from which a user or system is authenticated.
Description
empty
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
References
- CAPEC™-114. Authentication abuse
- OWASP TOP 10-A7. Identification and authentication failures
- MITRE ATT&CK®-M1025. Privileged process integrity
- SANS 25-14. Improper Authentication
- PDPO-S1_4. Security of personal data
- CMMC-MP_L2-3_8_1. Media protection
- CMMC-MP_L2-3_8_8. Shared media
- HITRUST CSF-01_k. Equipment identification in networks
- HITRUST CSF-08_b. Physical entry controls
- ISO/IEC 27002-5_37. Documented operating procedures
- OSSTMM3-8_7_4. Physical security (controls verification) - Integrity
- PTES-7_4_4_1. Post Exploitation - Pillaging (user information on system)
- SWIFT CSCF-3_1. Physical security
- SIG Core-D_1_1_2. Asset and information management
- OWASP ASVS-2_8_2. One time verifier
- ISO/IEC 27001-5_37. Documented operating procedures
- CASA-2_8_2. One Time Verifier
Vulnerabilities
free trial
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.