IA-12(6): Accept Externally-proofed Identities

Control Family:

Identification and Authentication

Parent Control:

IA-12: Identity Proofing

CSF v1.1 References:

PR.AC-1
PR.AC-6

Threats Addressed:

Spoofing
Repudiation
Lateral Movement

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Accept externally-proofed identities at [Assignment: organization-defined identity assurance level].

Supplemental Guidance

To limit unnecessary re-proofing of identities, particularly of non-PIV users, organizations accept proofing conducted at a commensurate level of assurance by other agencies or organizations. Proofing is consistent with organizational security policy and the identity assurance level appropriate for the system, application, or information accessed. Accepting externally-proofed identities is a fundamental component of managing federated identities across agencies and organizations.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5