2.2.4 TODOΒΆ

Verify impersonation resistance against phishing, such as the use of multi-factor authentication, cryptographic devices with intent (such as connected keys with a push to authenticate), or at higher AAL levels, client-side certificates.

Level 1  
Level 2  
Level 3 X
CWE NIST
308 5.2.5