IA: Identification And Authentication

The organization: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: An identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls; and Reviews and updates the current:…

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

The information system uniquely identifies and authenticates [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.

The organization manages information system identifiers by: Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, or device identifier; Selecting an identifier that identifies an individual, group, role, or device; Assigning the identifier to the intended individual, group, role, or device; Preventing reuse of identifiers for [Assignment: organization-defined time period];…

The organization manages information system authenticators by: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator; Establishing initial authenticator content for authenticators defined by the organization; Ensuring that authenticators have sufficient strength of mechanism for their intended use; Establishing and implementing administrative procedures for…

The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

The organization identifies and authenticates [Assignment: organization-defined information system services] using [Assignment: organization-defined security safeguards].

The organization requires that individuals accessing the information system employ [Assignment: organization-defined supplemental authentication techniques or mechanisms] under specific [Assignment: organization-defined circumstances or situations].

The organization requires users and devices to re-authenticate when [Assignment: organization-defined circumstances or situations requiring re-authentication].