NIST CSF Control PR.AC-1: Identities and Credentials Are Managed for Authorized Devices and Users

Role Availability Read-Only Investigator Analyst Manager

Access Control (PR.AC): Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions. Note on Control: Showing user login events will satisfy this control. Associated Frameworks: CCS CSC 16, COBIT 5 DSS05.04, DSS06.03, ISA 62443-2-1:2009, ISA 62443-3-3:2013 SR 1.1, SR 1.2, SR 1.3, SR 1.4, SR 1.5, SR 1.7, SR 1.8, SR 1.9, ISO/IEC 27001:2013 A.9.2.1, A.9.2.2, A.9.2.4, A.9.3.1, A.9.4.2, A.9.4.3, NIST SP 800-53 Rev. 4 AC-2, IA Family.

The following table shows the event filters used by this template:

Filters Used by NIST CSF Control PR.AC-1: Identities and Credentials Are Managed for Authorized Devices and Users
Field Values
Event Name "A logon was attempted using explicit credentials", "AUTHN_LOGIN_EVENT", "Admin - Change Password On Next Login", "Admin login", "Admin login failed", "Admin login successful", "Agent login succeeded", "Attempt to login using a non-existent user", "Audit Event Dispatcher: login message", "Console Login", "Console user login", "FTP login", "LOGIN", "LOGON", "Login", "Login - Login Challenge", "Login - Login Failure", "Login - Successful Login", "Login OK", "Login Success", "Login attempt", "Login failed", "Login succeeded", "Login success", "Login successful. Accepted password", "Logon", "Multiple Windows Logon Failures", "Multiple failed logins", "Network Security Manager Login succeeded", "PasswordLogonInitialAuthUsingPassword", "Secure Shell: LOGINFAIL", "Special Logon", "Special privileges assigned to new logon", "UNSUCCESSFUL_LOGIN", "USER_LOGIN", "USER_LOGINx", "USER_Login: Failed", "User Logon", "User Logon Notification for Customer Experience Improvement Program", "User login", "User login failed", "User login successful", "User logon detected Account", "UserLoginFailed", "VPN zone remote user login allowed", "Windows DC Logon Failure", "Windows Logon Success", "event: LoginFailed", "load balancer: SSH Login failed", "load balancer: SSH login accepted", "login", "login query"
Suppressed False

To generate the NIST CSF Control PR.AC-1 report

  1. Go to Reports > Compliance Templates.
  2. On the left navigation pane, click NIST CSF.
  3. Click Generate Report on the specific line for this report.

    The Configure Report dialog box displays.

  4. Click Edit Filters if you want to modify the selected filters, and then Continue to Filters. Do the modifications you need, and then click Edit Report.
  5. Click the date field if you want to choose a different date range.
  6. Configure Report Dialog Box

    Choose Last Hour, Last 24 Hours, Last 7 Days, Last 30 Days, Last 90 Days, or Custom Range to set a particular date range.

  7. Under the Format section, select either CSV or PDF for the format of the report.
  8. Select if you want to generate the report again, and choose Never, Daily, Weekly, Bi-weekly, and Monthly.
  9. Enter an email address to send the report. Select the Send to my Email Address option to add your email automatically.
  10. Select the Enable link expiration option. This link is delivered by email and expires in 14 days.
  11. Click Next.
  12. In the Report Name field, enter a name for the report. This name will be displayed in the Saved Reports page.
  13. (Optional.) Add a description that will be included.
  14. Under the Number of records section, choose the maximum number of records to include on the report: 20, 50, 100, 500, 1000, or 2500.
  15. If you have chosen the PDF format, you will see the Graphs section, which you can use to include additional views. You can add or remove graphs included in the report by clicking the and the icons.
  16. Select Save & Run if you wish to keep the report in your Saved Reports on USM Anywhere page and receive the report in the indicated email.
  17. Click Run to run the report.