• xBaseline: Moderate
  • xThreat Vector: Spoofing
  • xThreat Vector: Elevation of Privilege
IDNameBaselinesThreats
LowModerateHighPrivacy
AC-2Account Management STRIDE-LM
(1)Automated System Account Management  STRIDE-LM
(2)Automated Temporary and Emergency Account Management  STRIDE-LM
(3)Disable Accounts  STRIDE-LM
(4)Automated Audit Actions  STRIDE-LM
(5)Inactivity Logout  STRIDE-LM
AC-3Access Enforcement STRIDE-LM
AC-4Information Flow Enforcement  STRIDE-LM
AC-6Least Privilege  STRIDE-LM
(1)Authorize Access to Security Functions  STRIDE-LM
(2)Non-privileged Access for Nonsecurity Functions  STRIDE-LM
(5)Privileged Accounts  STRIDE-LM
(7)Review of User Privileges  STRIDE-LM
(9)Log Use of Privileged Functions  STRIDE-LM
(10)Prohibit Non-privileged Users from Executing Privileged Functions  STRIDE-LM
AC-7Unsuccessful Logon Attempts STRIDE-LM
AC-11Device Lock  STRIDE-LM
AC-12Session Termination  STRIDE-LM
AC-17(4)Privileged Commands and Access  STRIDE-LM
AU-6Audit Record Review, Analysis, and Reporting STRIDE-LM
(3)Correlate Audit Record Repositories  STRIDE-LM
CM-3Configuration Change Control  STRIDE-LM
(2)Testing, Validation, and Documentation of Changes  STRIDE-LM
(4)Security and Privacy Representatives  STRIDE-LM
CM-7Least Functionality STRIDE-LM
(1)Periodic Review  STRIDE-LM
(2)Prevent Program Execution  STRIDE-LM
(5)Authorized Software  STRIDE-LM
IA-2Identification and Authentication (organizational Users) STRIDE-LM
(1)Multi-factor Authentication to Privileged Accounts STRIDE-LM
(2)Multi-factor Authentication to Non-privileged Accounts STRIDE-LM
(8)Access to Accounts - Replay Resistant STRIDE-LM
IA-3Device Identification and Authentication  STRIDE-LM
IA-4Identifier Management STRIDE-LM
(4)Identify User Status  STRIDE-LM
IA-5Authenticator Management STRIDE-LM
(1)Password-based Authentication STRIDE-LM
(2)Public Key-based Authentication  STRIDE-LM
(6)Protection of Authenticators  STRIDE-LM
IA-7Cryptographic Module Authentication STRIDE-LM
IA-8Identification and Authentication (non-organizational Users) STRIDE-LM
(1)Acceptance of Piv Credentials from Other Agencies STRIDE-LM
(2)Acceptance of External Authenticators STRIDE-LM
(4)Use of Defined Profiles STRIDE-LM
IA-11Re-authentication STRIDE-LM
IA-12(2)Identity Evidence  STRIDE-LM
(3)Identity Evidence Validation and Verification  STRIDE-LM
(5)Address Confirmation  STRIDE-LM
PE-3Physical Access Control STRIDE-LM
SC-2Separation of System and User Functionality  STRIDE-LM