MID-018: Require Authentication for Privileged Functions

Mitigation Tier: Foundational

Description

Privileged functions that can severely affect the performance or critical functions of a device should only be accessible to authenticated privileged users. This includes functions such as configuration changes, user account changes, role and permission changes, operating state changes, etc. Alerting for failed access attempts is recommended to detect brute-force login attempts. Additionally, the authentication scheme should include controls for limiting session lifetimes, such as requiring reauthentication after periods of inactivity.

Note: The mitigation MID-031 - Physical Presence Validation can be paired with this mitigation for more robust device security.
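
The controls in the description, as an added example that is not part of the original page: a gate called at the top of each privileged handler that requires an authenticated session with a sufficient role, expires the session after inactivity, and counts failed logins toward an alert. The type and function names, the 300-second idle limit and the three-failure alert threshold are assumptions, and the credential check itself is left to the caller.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for this sketch; tune per device and policy. */
#define IDLE_LIMIT_S  300u  /* reauthenticate after 5 minutes of inactivity */
#define FAIL_ALERT_AT 3u    /* consecutive failed logins before alerting */

enum role { ROLE_NONE, ROLE_OPERATOR, ROLE_ADMIN };
enum verdict { ALLOW, DENY_UNAUTHENTICATED, DENY_EXPIRED, DENY_ROLE };

struct session {
    enum role role;          /* ROLE_NONE means not authenticated */
    uint32_t last_activity;  /* seconds from a monotonic clock */
    unsigned failed_logins;  /* consecutive failures */
    unsigned alerts_raised;  /* stand-in for a real alert or log sink */
};

/* Record the outcome of a login attempt (credential check done by caller). */
bool session_login(struct session *s, bool credentials_ok, enum role granted, uint32_t now) {
    if (!credentials_ok) {
        if (++s->failed_logins >= FAIL_ALERT_AT)
            s->alerts_raised++;          /* possible brute-force attempt */
        return false;
    }
    s->role = granted;
    s->failed_logins = 0;
    s->last_activity = now;
    return true;
}

/* Gate for privileged handlers: config, account, role and state changes. */
enum verdict authorize(struct session *s, enum role required, uint32_t now) {
    if (s->role == ROLE_NONE) return DENY_UNAUTHENTICATED;
    if (now - s->last_activity > IDLE_LIMIT_S) {  /* wrap-safe unsigned math */
        s->role = ROLE_NONE;                      /* force reauthentication */
        return DENY_EXPIRED;
    }
    if (s->role < required) return DENY_ROLE;
    s->last_activity = now;  /* only permitted use counts as activity */
    return ALLOW;
}

int main(void) {
    struct session s = {ROLE_NONE, 0, 0, 0};      /* constructed scenario */
    session_login(&s, true, ROLE_OPERATOR, 0);
    printf("admin action at t=10: %d\n", authorize(&s, ROLE_ADMIN, 10));
    printf("operator action at t=400: %d\n", authorize(&s, ROLE_OPERATOR, 400));
    return 0;
}
```

Denied requests do not refresh the idle timer, so repeated unauthorized calls cannot keep a session alive.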

IEC 62443 4-2 Mappings

  • CR 1.1 - Human user interaction and authentication
