Access based on user credentials
Summary
Physical access to the network for users must be assigned based on organizational user credentials (e.g., NAC 802.1x).
Description
empty
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
References
- CIS-12_6. Use of secure network management and communication protocols
- CIS-13_9. Deploy port-level access control
- HIPAA-164_312_e_1. Standard: transmission security
- NIST 800-53-IA-2. Identification and authentication (organizational users)
- SOC2®-CC6_6. Logical and physical access controls
- NIST Framework-PR_AC-2. Physical access to assets is managed and protected
- PA-DSS-6_1. The wireless technology must be implemented securely
- PA-DSS-6_2. For wireless technology, implement strong encryption for authentication and transmission
- CMMC-AC_L2-3_1_12. Control remote access
- CMMC-PE_L1-3_10_1. Limit physical access
- CMMC-SC_L1-3_13_1. Boundary protection
- HITRUST CSF-01_i. Policy on the use of network services
- HITRUST CSF-01_n. Network connection control
- HITRUST CSF-08_c. Securing offices, rooms and facilities
- HITRUST CSF-08_f. Public access, delivery and loading areas
- HITRUST CSF-09_m. Network controls
- FedRAMP-SC-8_1. Cryptographic or alternate physical protection
- ISO/IEC 27002-7_3. Securing offices, rooms and facilities
- ISO/IEC 27002-8_21. Security of network services
- OSSTMM3-8_5_2. Physical security (access verification) - Authentication
- C2M2-9_2_k. Implement network protections for cybersecurity architecture
- ISO/IEC 27001-7_3. Securing offices, rooms and facilities
- ISO/IEC 27001-8_21. Security of network services
Vulnerabilities
free trial
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.