Security Control:
Risk-Based Authentication

Authentication of a user is based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM).

Components and Required Capabilities

Access Management

  • Must have the ability to query Fraud & Risk at application for risk posture, or
  • Must have the ability to query CASB for risk posture, or
  • Must have the ability to query Enterprise Mobility Management for device status
  • Must have the ability to provide/reject access based on managed device
  • Must have the ability to determine if MFA is required based on user profile data
  • Must have the ability to determine authentication type (2FA) based on risk from at least one risk source

Supporting IDSA Members (analyst reference, where available):

Fraud & Risk

  • Must have the ability to send risk status to requesting tool as a defined value (low, moderate, high, extreme)

Supporting IDSA Members (analyst reference, where available):

CASB

  • Must have the ability to return anomaly status

Supporting IDSA Members (analyst reference, where available):

Interaction Diagram

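One way the Access Management decision could combine the signals listed above, as an added example (not IDSA's or any member's code). The function names, the deny/mfa/allow outcomes, the thresholds and the fail-closed defaults are assumptions; only the four risk values come from the control.

```python
from enum import IntEnum
from typing import Optional

class Risk(IntEnum):
    # The four defined values Fraud & Risk must be able to send.
    LOW = 1
    MODERATE = 2
    HIGH = 3
    EXTREME = 4

def parse_risk(value: Optional[str]) -> Optional[Risk]:
    """Map a risk-engine answer to Risk; None if it is not a defined value."""
    try:
        return Risk[value.strip().upper()]
    except (AttributeError, KeyError):
        return None

def decide(fraud_risk: Optional[str], casb_anomaly: Optional[bool],
           device_managed: Optional[bool], profile_requires_mfa: bool,
           require_managed_device: bool = True) -> str:
    """Return 'deny', 'mfa' or 'allow' for one authentication attempt.

    A source that did not answer is passed as None.
    """
    # Provide/reject access based on managed device (EMM status).
    # Assumption: unknown device status is treated as unmanaged.
    if require_managed_device and device_managed is not True:
        return "deny"
    signals = []
    if fraud_risk is not None:
        risk = parse_risk(fraud_risk)
        # Assumption: an undefined value from a source that answered is HIGH.
        signals.append(Risk.HIGH if risk is None else risk)
    if casb_anomaly is not None:
        # Assumption: a CASB anomaly counts as HIGH, no anomaly as LOW.
        signals.append(Risk.HIGH if casb_anomaly else Risk.LOW)
    # The control needs at least one risk source; with none, fail closed to MFA.
    if not signals:
        return "mfa"
    worst = max(signals)
    # Assumed thresholds: EXTREME denies, MODERATE and HIGH step up to MFA.
    if worst == Risk.EXTREME:
        return "deny"
    if worst >= Risk.MODERATE or profile_requires_mfa:
        return "mfa"
    return "allow"
```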