3.5 IDENTIFICATION AND AUTHENTICATION
Employ automated or manual/procedural mechanisms to prohibit system components from connecting to organizational systems unless the components are known authenticated in a properly configured state or in a trust profile.
Identification and authentication of system components and component configurations can be determined for example via a cryptographic hash of the component. This is also known as device attestation and known operating state or trust profile. A trust profile based on factors such as the user authentication method device type and physical location is used to make dynamic decisions on authorizations to data of varying types. If device attestation is the means of identification and authentication then it is important that patches and updates to the device are handled via a configuration management process such that the patches and updates are done securely and do not disrupt the identification and authentication of other devices.
What is a Cybersecurity Compliance Framework?
You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.
With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.
The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
- CMMC v2
- NERC CIP-002 through CIP-014 Revision 6
- NIST 800-171
- NIST 800-172
- PCI (Payment Card Industry Security Standard)
- SOC 2
- NIST 800-53
- NIST SP800-161 Supply Chain Risk Management
- CIS Framework Controls V8