V1.2 — Authentication Architecture
Authentication Architecture: 4 L3 requirement(s).

- V1.2.1: Verify the use of unique or special low-privilege operating system accounts for all application components, services, an...
- V1.2.2: Verify that communications between application components, including APIs, middleware and data layers, are authenticated...
- V1.2.3: Verify that the application uses a single vetted authentication mechanism that is known to be secure, can be extended to...
- ... and 1 more.

| Property | Value |
|---|---|
| Section | V1.2 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-AUTH-02 | JWT Bearer Token Session Management |
| SID-AUTH-03 | OIDC Gate for External Identity Providers |
| SID-AUTH-04 | WebSocket JWT Handshake Authentication |

Source: OWASP Application Security Verification Standard 4.0.3