authentication

authentication Controls

8 controls across 5 frameworks.

CISA CPG

Multi-factor authentication is required for all user accounts

Account Security / Account Security

Strong password policies are enforced at the identity provider, including breached-password checks

Account Security / Account Security

Authenticate users, processes, and devices before granting access

Identification & Authentication / Authentication

Implement technical policies and procedures to allow access to ePHI only to authorized persons or software programs

Technical Safeguards / Access Control

Implement procedures to verify that a person or entity seeking access to ePHI is who they claim to be

Technical Safeguards / Person or Entity Authentication

Identities are proofed and bound to credentials based on the context of interactions

Protect / Identity Management, Authentication, and Access Control

Users, services, and hardware are authenticated

Protect / Identity Management, Authentication, and Access Control

Logical access security measures restrict access to assets

Security / Logical and Physical Access