IA-5(3): In-Person Or Trusted Third-Party Registration

CSF v1.1 References:

Threats Addressed:


  • Moderate
  • High
Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IA-12(4): In-person Validation and Verification.

Control Statement

The organization requires that the registration process to receive [Assignment: organization-defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted third party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles].