PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks)

Threats Addressed:

Warning icon.

Subcategory is withdrawn in the next version of this framework and incorporated into: PR.AA-03: Users, services, and hardware are authenticated.


[ Note: Subcategories do not have detailed descriptions.]