IDSO-006: Device characteristics are used for authentication

Description: Besides relying on a valid username/password, authentication should also take into account context about the device being used, in order to determine whether the device itself has been compromised. This context helps prevent the spread of malware and limits lateral movement by denying infected systems access. It also allows access to be restricted to company-issued or company-managed devices.

Benefit: Protects critical systems and prevents the spread of malware.

Implementation Approaches

Security Frameworks

NIST Cybersecurity Framework 1.1

  • PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction
  • DE.CM-7: Monitoring for unauthorized personnel, connections, devices, and software is performed

NIST SP 800-207: Zero Trust Architecture

  • 2: Does the device used for the request have the proper security posture?
  • 2.1.4: Requesting asset state can include device characteristics such as software versions installed, network location, time/date of request, previously observed behavior, and installed credentials.
  • 3: CDM systems are also responsible for identifying and potentially enforcing a subset of policies on nonenterprise devices active on enterprise infrastructure.
Title: Installed Software and OS Settings

Technology Components:
  • Unified Endpoint Management (UEM)
  • Endpoint Detection & Response (EDR)
  • Endpoint Protection Platform (EPP)
  • Access Management (AM)

Description: Leveraging additional context from the security posture of the device, and ensuring minimum device compliance before access to the network or application is permitted. This can and should include both items that the device MUST HAVE (such as a recent OS update applied) and items that the device MUST NOT HAVE (such as malware, rootkits, etc.).

Pre-requisites:
  • Devices are managed by EDR, EPP and/or UEM
  • EDR, EPP and/or UEM is in place with the ability to monitor installed software and OS settings on devices
  • EDR, EPP and/or UEM is integrated with IAM to provide device posture information
  • IAM is configured to look for 3rd party device posture during authentication to determine the risk and react accordingly

Supporting Member Companies: ForgeRock, Okta, Ping Identity, ThreatMetrix, VMware WorkspaceONE, VMware Carbon Black
Title: Device Physical Attributes

Technology Components:
  • Unified Endpoint Management (UEM)
  • Endpoint Detection & Response (EDR)
  • Endpoint Protection Platform (EPP)
  • Access Management (AM)

Description: Leveraging additional context about the physical attributes of the device to apply access policies accordingly. Allows admins to apply different policies based on device type (e.g. laptop vs. mobile device, iOS vs. Android).

Pre-requisites:
  • Devices are managed by EDR, EPP and/or UEM
  • EDR, EPP and/or UEM is in place with the ability to monitor physical attributes of devices
  • EDR, EPP and/or UEM is integrated with IAM to provide device posture information
  • IAM is configured to look for 3rd party device posture during authentication to determine the risk and react accordingly

Supporting Member Companies: ForgeRock, Okta, Ping Identity, Thales, ThreatMetrix, VMware Carbon Black
Title: Device Physical Location

Technology Components:
  • Unified Endpoint Management (UEM)
  • Access Management (AM)

Description: Leveraging additional context from the geolocation of the device, and ensuring the device is in an authorized or consistent location before access to the network or application is permitted. This can and should include both locations from which the device is authorized to connect and locations from which the device must not be used.

Pre-requisites:
  • Devices are managed by UEM
  • UEM is in place with the ability to monitor and detect the physical location of devices
  • UEM is integrated with IAM to provide device posture information
  • IAM is configured to look for 3rd party device posture during authentication to determine the risk and react accordingly

Supporting Member Companies: ForgeRock, Okta, Ping Identity, Thales, ThreatMetrix, VMware WorkspaceONE
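All three approaches above come down to the same decision in the IAM layer: take the posture record that the EDR/EPP/UEM integration supplies, apply the MUST HAVE and MUST NOT HAVE checks together with the device-type and location rules, and then allow, step up to MFA, or deny. The Python below is an added example of such a check; it is not code from this page or from any of the member companies listed. The JSON posture record format, the Policy fields and thresholds, and the sample devices are all constructed for illustration.

```python
"""Device-posture check run by an IAM policy decision point during authentication.

Added example, not code from the page or from any IDSA member product. The JSON
posture record (what the EDR/EPP/UEM integration hands to IAM), the Policy
fields and the sample devices below are all constructed for illustration.
"""
import json
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Policy:
    """Assumed policy knobs; thresholds are illustrative, not a vendor default."""
    max_patch_age_days: int = 30                      # MUST HAVE: recent OS update
    require_disk_encryption: bool = True              # MUST HAVE
    allowed_platforms: frozenset = frozenset({"windows", "macos", "ios", "android"})
    allowed_countries: frozenset = frozenset({"US", "CA", "GB"})
    step_up_form_factors: frozenset = frozenset({"mobile"})  # MFA instead of deny


REQUIRED_FIELDS = ("device_id", "managed", "platform", "form_factor",
                   "os_patch_date", "agent_healthy", "threats_detected",
                   "disk_encrypted")


def evaluate(record: str, policy: Policy, today: date):
    """Return (decision, reasons) for one posture record; decision is 'allow',
    'step_up' or 'deny'. Anything unparseable or incomplete fails closed."""
    try:
        return _evaluate(json.loads(record), policy, today)
    except (ValueError, TypeError, KeyError) as exc:
        return "deny", [f"unusable posture record: {exc}"]


def _evaluate(p: dict, policy: Policy, today: date):
    missing = [f for f in REQUIRED_FIELDS if f not in p]
    if missing:
        return "deny", ["posture record missing: " + ", ".join(missing)]
    deny, step_up = [], []

    # MUST HAVE: managed device with a reporting agent; without it no other claim is trustworthy
    if not (p["managed"] and p["agent_healthy"]):
        deny.append("device unmanaged or agent not reporting")
    # MUST NOT HAVE: active malware / rootkit detections
    if p["threats_detected"] > 0:
        deny.append(f"{p['threats_detected']} active threat detection(s)")
    # MUST HAVE: OS patched within the allowed window
    if today - date.fromisoformat(p["os_patch_date"]) > timedelta(days=policy.max_patch_age_days):
        deny.append(f"OS patch older than {policy.max_patch_age_days} days")
    if policy.require_disk_encryption and not p["disk_encrypted"]:
        deny.append("disk not encrypted")
    # Physical attributes: unsupported platform is denied, mobile form factor gets step-up MFA
    if p["platform"] not in policy.allowed_platforms:
        deny.append(f"platform '{p['platform']}' not permitted")
    if p["form_factor"] in policy.step_up_form_factors:
        step_up.append(f"{p['form_factor']} form factor")
    # Physical location: unknown location is a risk signal, a disallowed country is a deny
    country = p.get("country")
    if country is None:
        step_up.append("location unknown")
    elif country not in policy.allowed_countries:
        deny.append(f"request from {country} not permitted")

    if deny:
        return "deny", deny
    if step_up:
        return "step_up", step_up
    return "allow", []


def _rec(**fields):
    return json.dumps(fields)


# Constructed sample posture records, not real telemetry.
SAMPLES = {
    "laptop_compliant": _rec(device_id="L-1001", managed=True, platform="windows",
                             form_factor="laptop", os_patch_date="2024-05-20",
                             agent_healthy=True, threats_detected=0,
                             disk_encrypted=True, country="US"),
    "phone_unknown_location": _rec(device_id="M-2002", managed=True, platform="ios",
                                   form_factor="mobile", os_patch_date="2024-05-28",
                                   agent_healthy=True, threats_detected=0,
                                   disk_encrypted=True),
    "laptop_infected_stale": _rec(device_id="L-1003", managed=True, platform="macos",
                                  form_factor="laptop", os_patch_date="2024-03-01",
                                  agent_healthy=True, threats_detected=2,
                                  disk_encrypted=True, country="GB"),
    "unmanaged_partial": _rec(device_id="X-0001", managed=False, platform="android"),
}
TODAY = date(2024, 6, 1)  # fixed "now" so the sample decisions are reproducible


def evaluate_samples(policy: Policy = Policy(), today: date = TODAY):
    return {name: evaluate(rec, policy, today) for name, rec in SAMPLES.items()}


if __name__ == "__main__":
    for name, (decision, reasons) in evaluate_samples().items():
        print(f"{name:24} {decision:8} {'; '.join(reasons)}")
```

Two design points matter more than the individual thresholds. First, the posture record must reach IAM server-side from the EDR/EPP/UEM integration (the third-party posture source named in the pre-requisites), never as a claim the client makes about itself; a compromised endpoint will happily report that it is clean. Second, missing or malformed posture data fails closed, and signals that are weak on their own (an unknown location, a mobile form factor) trigger step-up authentication rather than a silent allow, while MUST NOT HAVE findings such as active detections deny outright.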