Identification and Authentication

NIST SP 800-53 Rev 5 Identification and Authentication controls.

IA-01 Medium

Policy and Procedures

Develop, document, and disseminate to [parameter]:

IA-02 Medium

Identification and Authentication (Organizational Users)

Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.

IA-03 Medium

Device Identification and Authentication

Uniquely identify and authenticate [parameter] before establishing a [parameter] connection.

IA-04 Medium

Identifier Management

Manage system identifiers by:

IA-05 Medium

Authenticator Management

Manage system authenticators by:

IA-06 Medium

Authentication Feedback

Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

IA-07 Medium

Cryptographic Module Authentication

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

IA-08 Medium

Identification and Authentication (Non-organizational Users)

Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

IA-09 Medium

Service Identification and Authentication

Uniquely identify and authenticate [parameter] before establishing communications with devices, users, or other services or applications.

IA-10 Medium

Adaptive Authentication

Require individuals accessing the system to employ [parameter] under specific [parameter].

IA-11 Medium

Re-authentication

Require users to re-authenticate when [parameter].

IA-12 Medium

Identity Proofing

Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines;

IA-13 Medium

Identity Providers and Authorization Servers

Employ identity providers and authorization servers to manage user, device, and non-person entity (NPE) identities, attributes, and access rights supporting authentication and authorization decisions in accordance with [parameter] using [parameter].