Which of the following actions is required to enforce authentication of user access?

Authentication of user access is critical to ensure that only legitimate users can access sensitive systems and data. The requirement that "interactive user access must be authenticated" emphasizes the importance of verifying the identity of users who are trying to gain access to system resources. This is a fundamental principle of cybersecurity, particularly in the context of NERC CIP standards, which dictate that access controls must be in place to protect critical infrastructure.

By requiring authentication for interactive user access, organizations can mitigate risks associated with unauthorized access, such as data breaches, system disruptions, and compliance violations. This means that every individual trying to log in must provide credentials that can be verified, ensuring that only those with the appropriate permissions can access sensitive areas of the network.

The other choices presented would compromise the integrity and security of user access. For example, having all user access through email would not guarantee proper authentication and could introduce vulnerabilities. Not requiring authentication at all would expose the system to significant risks by allowing anyone to access it without verification. Lastly, limiting authentication to managers would create a disparity in security measures and potentially increase the risk of insider threats or data loss since not all users would be subject to the same level of scrutiny.