IA-8(4): Use of Defined Profiles

CSF v1.1 References:

Threats Addressed:


  • Low
  • Moderate
  • High

Previous Version:

Control Statement

Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles].

Supplemental Guidance

Organizations define profiles for identity management based on open identity management standards. To ensure that open identity management standards are viable, robust, reliable, sustainable, and interoperable as documented, the Federal Government assesses and scopes the standards and technology implementations against applicable laws, executive orders, directives, policies, regulations, standards, and guidelines.