IA-5(11): Hardware Token-Based Authentication

CSF v1.1 References:

Threats Addressed:


  • Low
  • Moderate
  • High
Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IA-2(1): Multi-factor Authentication to Privileged Accounts, IA-2(2): Multi-factor Authentication to Non-privileged Accounts.

Control Statement

The information system, for hardware token-based authentication, employs mechanisms that satisfy [Assignment: organization-defined token quality requirements].

Supplemental Guidance

Hardware token-based authentication typically refers to the use of PKI-based tokens, such as the U.S. Government Personal Identity Verification (PIV) card. Organizations define specific requirements for tokens, such as working with a particular PKI.