MID-038: Authenticate for Administrative Actions
Mitigation Tier: Foundational
Description
Administrative actions on a device are usually a subset of device actions that, if undertaken, could affect the integrity of the device or its operations. These may include accessing certain I/O interfaces, changing the roles of another user, changing user permissions or credentials, using debugging modes, or altering device operating states, to name a few. Because these actions could have a large impact on device operations, users should have to authenticate before performing administrative actions and, once authenticated, should only be allowed to take the actions they are permitted to take.
Limitations: If the threat actor can gain access to valid credentials, they will be able to subvert these protections. Adding mitigations like MID-031 - Physical Presence Validation will increase the efficacy of this mitigation because threat actors won’t be able to perform administrative actions without first authenticating and demonstrating physical access to the device. Physical security measures, such as locks and gates, can then be used as a line of cyber defense.
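One way to structure the check described above, as an added example that is not part of the original entry: a single gate that every administrative command handler calls before acting. The session record, the session expiry, the sample sessions and the choice of which actions also require physical presence (MID-031) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Administrative actions named in the description, as permission bits. */
enum admin_action {
    ACT_IO_ACCESS    = 1u << 0,
    ACT_CHANGE_ROLE  = 1u << 1,
    ACT_CHANGE_CREDS = 1u << 2,
    ACT_DEBUG_MODE   = 1u << 3,
    ACT_CHANGE_STATE = 1u << 4
};

enum gate_result {
    GATE_ALLOW, GATE_DENY_UNAUTH, GATE_DENY_EXPIRED,
    GATE_DENY_ROLE, GATE_DENY_PRESENCE
};

/* Hypothetical session record, filled in by the device's login routine. */
struct session {
    bool     authenticated;
    uint32_t permitted;   /* admin_action bits granted to the user's role */
    uint32_t expires_at;  /* monotonic seconds; expiry is an assumed policy */
};

/* Assumed policy: these actions also need physical presence (MID-031). */
#define NEEDS_PRESENCE ((uint32_t)(ACT_DEBUG_MODE | ACT_CHANGE_STATE))

/* Constructed sample sessions for illustration. */
const struct session SAMPLE_LOGGED_OUT = { false, 0u, 0u };
const struct session SAMPLE_OPERATOR   = { true, ACT_IO_ACCESS, 600u };
const struct session SAMPLE_ENGINEER   = { true,
    ACT_IO_ACCESS | ACT_CHANGE_ROLE | ACT_CHANGE_CREDS |
    ACT_DEBUG_MODE | ACT_CHANGE_STATE, 600u };

/* Deny by default: authentication, then authorization, then presence. */
enum gate_result admin_gate(const struct session *s, enum admin_action act,
                            uint32_t now, bool presence_confirmed)
{
    if (s == NULL || !s->authenticated)
        return GATE_DENY_UNAUTH;    /* no valid login */
    if (now >= s->expires_at)
        return GATE_DENY_EXPIRED;   /* stale session, re-authenticate */
    if ((s->permitted & (uint32_t)act) == 0u)
        return GATE_DENY_ROLE;      /* authenticated but not permitted */
    if (((uint32_t)act & NEEDS_PRESENCE) != 0u && !presence_confirmed)
        return GATE_DENY_PRESENCE;  /* valid credentials alone are not enough */
    return GATE_ALLOW;
}
```

Returning a distinct reason for each denial lets the device log whether a rejected request failed authentication, authorization or the presence check.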
IEC 62443 4-2 Mappings
CR 1.1 - Human user interaction and authentication
CR 2.1 - Authorization Enforcement