IA-8(4): Use of Defined Profiles

Control Family:

Identification and Authentication

Parent Control:

IA-8: Identification and Authentication (non-organizational Users)

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

Threats Addressed:

Spoofing
Repudiation

Baselines:

Low
Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
IA-8(4): Use Of Ficam-Issued Profiles

Control Statement

Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles].

Supplemental Guidance

Organizations define profiles for identity management based on open identity management standards. To ensure that open identity management standards are viable, robust, reliable, sustainable, and interoperable as documented, the Federal Government assesses and scopes the standards and technology implementations against applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.