PR.AA-03: Users, services, and hardware are authenticated

Implementation Examples

Ex1: Require multifactor authentication

Ex2: Enforce policies for the minimum strength of passwords, PINs, and similar authenticators

Ex3: Periodically reauthenticate users, services, and hardware based on risk (e.g., in zero trust architectures)

Ex4: Ensure that authorized personnel can access accounts essential for protecting safety under emergency conditions