NIST 800-53 r5 · Controls catalogue · Family IA
IA-7 Cryptographic Module Authentication
Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (12)
- T1195.003 Compromise Hardware Supply Chain (Initial Access)
- T1495 Firmware Corruption (Impact)
- T1542 Pre-OS Boot (Stealth, Persistence)
- T1542.001 System Firmware (Stealth, Persistence)
- T1542.003 Bootkit (Stealth, Persistence)
- T1542.004 ROMMONkit (Stealth, Persistence)
- T1542.005 TFTP Boot (Stealth, Persistence)
- T1553 Subvert Trust Controls (Defense Impairment)
- T1553.006 Code Signing Policy Modification (Defense Impairment)
- T1601 Modify System Image (Defense Impairment)
- T1601.001 Patch System Image (Defense Impairment)
- T1601.002 Downgrade System Image (Defense Impairment)
Weaknesses this control addresses (6)
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-287 | Improper Authentication | 4,730 | Directly requires implementation of compliant authentication mechanisms to cryptographic modules, preventing improper authentication. |
| CWE-306 | Missing Authentication for Critical Function | 2,567 | Mandates authentication for the critical function of accessing or using a cryptographic module. |
| CWE-1392 | Use of Default Credentials | 89 | Standards-compliant authentication mechanisms typically prohibit default credentials for cryptographic modules. |
| CWE-1390 | Weak Authentication | 75 | Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication. |
| CWE-1391 | Use of Weak Credentials | 47 | Enforces use of credentials that comply with standards rather than weak credentials for module access. |
| CWE-1393 | Use of Default Password | 37 | Requires authentication that meets guidelines, avoiding default passwords for cryptographic module access. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| CVE-2025-64647 | 1.2 | 5.9 | 0.0001 | good |