IA-9(2): Transmission Of Decisions

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IA-9: Service Identification and Authentication.

Control Statement

The organization ensures that identification and authentication decisions are transmitted between [Assignment: organization-defined services] consistent with organizational policies.

Supplemental Guidance

For distributed architectures (e.g., service-oriented architectures), the decisions regarding the validation of identification and authentication claims may be made by services separate from the services acting on those decisions. In such situations, it is necessary to provide the identification and authentication decisions (as opposed to the actual identifiers and authenticators) to the services that need to act on those decisions.