User Account

A user account allows a user to authenticate to a system and potentially to receive authorization to access resources provided by or connected to that system; however, authentication does not imply authorization. To log into an account, a user is typically required to authenticate oneself with a password or other credentials for the purposes of accounting, security, logging, and resource management.

ID: d3f:UserAccount

ⓘ

Type: Top Level Artifacts

Informational References

https://d3fend.mitre.org/dao/artifact/d3f:UserAccount/

D3FEND Techniques

Name	Description
D3-OAM	Operational activity mapping identifies activities of the organization and the organization's suborganizations, groups, roles, and individuals that carry out the activities and then establishes the dependencies of the activities on the systems and people that perform those activities.,Identifying staff and organizational structure is part of operational activity mapping. One inventories assets; people are not assets, but are resources. Grasping operations and activities (missions) and mapping them to people is (notionally) last phase of modeling architecture.
D3-AM	Access modeling identifies and records the access permissions granted to administrators, users, groups, and systems.
D3-CH	Credential Hardening techniques modify system or network properties in order to protect system or network/domain credentials.
D3-BAN	Using biological measures in order to authenticate a user.
D3-MFA	Requiring proof of two or more pieces of evidence in order to authenticate a user.
D3-OTP	A one-time password is valid for only one user authentication.
D3-SPP	Modifying system configuration to increase password strength.
D3-UAP	Restricting a user account's access to resources.
D3-CE	Credential Eviction techniques disable or remove compromised credentials from a computer network.
D3-AL	The process of temporarily disabling user accounts on a system or domain.

SPARTA Countermeasures

ID	Name	Description
CM0052	Insider Threat Protection	Establish policy and procedures to prevent individuals (i.e., insiders) from masquerading as individuals with valid access to areas where commanding of the spacecraft is possible. Establish an Insider Threat Program to aid in the prevention of people with authorized access performing malicious activities.
CM0031	Authentication	Authenticate all communication sessions (crosslink and ground stations) for all commands before establishing remote connections using bidirectional authentication that is cryptographically based. Adding authentication on the spacecraft bus and communications on-board the spacecraft is also recommended.
CM0004	Development Environment Security	In order to secure the development environment, the first step is understanding all the devices and people who interact with it. Maintain an accurate inventory of all people and assets that touch the development environment. Ensure strong multi-factor authentication is used across the development environment, especially for code repositories, as threat actors may attempt to sneak malicious code into software that's being built without being detected. Use zero-trust access controls to the code repositories where possible. For example, ensure the main branches in repositories are protected from injecting malicious code. A secure development environment requires change management, privilege management, auditing and in-depth monitoring across the environment.
CM0043	Backdoor Commands	Ensure that all viable commands are known to the mission/spacecraft owner. Perform analysis of critical (backdoor/hardware) commands that could adversely affect mission success if used maliciously. Only use or include critical commands for the purpose of providing emergency access where commanding authority is appropriately restricted.