Use AAL2/3 Passkeys for Non-Interactive GitHub Access
tip
This check is currently under development and not yet implemented. Click here to learn how you can help.
Description
Ensure non-interactive GitHub access uses a passkey (AAL2) or hardware key (AAL3) activated by a password or biometrics
Details
- Default Category: user authentication
- Default Priority Group: R1
- C-SCRM: true
- Mitre: CWE-308
- Mitre: M1032
- Sources: OpenSSF Great MFA Project Security Rationale
- Sources: NIST SP 800-63Bsup1
- How To: Github Docs