Identification and Authentication (IA)
IA-1 – Identification and Authentication Policy and Procedures
Program-specific policies and procedures shall be included in the specific security controls listed below. There is no requirement for the Program to develop additional policy to meet the -1 control.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2 – Identification and Authentication (Organizational Users)
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2(3) – Identification and Authentication: Local Access to Privileged Accounts
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2(4) – Identification and Authentication: Local Access to Non-Privileged Accounts
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2(5) – Identification and Authentication: Group Authentication
After a relevance determination, this control can be tailored out for standalone IS with a single user.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
Click here to enter text.
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2(8) – Identification and Authentication: Network Access to Privileged Accounts – Replay Resistant
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2(9) – Identification and Authentication (Organizational Users): Network Access to Non-Privileged Accounts – Replay Resistant
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-2(11) – Identification and Authentication (Organizational Users): Remote Access – Separate Device
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Quarterly
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Semi-Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-3(1) – Device Identification and Authentication: Cryptographic Bi-Directional Authentication
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Semi-Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-4 – Identifier Management
Recommended Continuous Monitoring Frequency: Semi-Annual
Program Frequency:
Selecting an identifier that identifies an individual, group, role, or device.
Click here to enter text.
Assigning the identifier to the intended individual, group, role, or device.
Click here to enter text.
Preventing reuse of identifiers.
Click here to enter text.
Disabling the identifier after a period not to exceed 90 days of inactivity for individuals, groups, or roles; not appropriate to define for device identifiers, e.g., media access control (MAC), IP addresses, or device unique token identifiers.
Click here to enter text.
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-4(4) – Identifier Management: Identify User Status
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Semi-Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-5 – Authenticator Management
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
Establishing initial authenticator content for authenticators defined by the organization.
Click here to enter text.
Ensuring that authenticators have sufficient strength of mechanism for their intended use.
Click here to enter text.
Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators.
Click here to enter text.
Changing default content of authenticators prior to information system installation.
Click here to enter text.
Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators.
Click here to enter text.
Changing/refreshing authenticators within a time period not to exceed 90 days for passwords; system-defined time period for other authenticator types.
Click here to enter text.
Protecting authenticator content from unauthorized disclosure and modification.
Click here to enter text.
Requiring individuals to take, and having devices implement, specific security safeguards to protect authenticators.
Click here to enter text.
Changing authenticators for group/role accounts when membership of those accounts changes.
Click here to enter text.
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-5(1) – Authenticator Management: Password-Based Authentication
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-5(4) – Authenticator Management: Automated Support for Password Strength Determination
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-5(8) – Authenticator Management: Multiple Information System Accounts
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-5(11) – Authenticator Management: Hardware Token-Based Authentication
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-5(13) – Authenticator Management: Expiration of Cached Authenticators
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-6 – Authenticator Feedback
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-7 – Cryptographic Module Authentication
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-8 – Identification and Authentication (Non-Organizational Users)
After a relevance determination, this control can be tailored out for standalone IS with single users.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-8(1) – Identification and Authentication (Non-Organizational Users): Acceptance of PIV Credentials from Other Agencies
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-8(2) – Identification and Authentication (Non-Organizational Users): Acceptance of Third-Party Credentials
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-8(3) – Identification and Authentication (Non-Organizational Users): Use of FICAM Approved Products
After a relevance determination, this control can be tailored out for standalone IS.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.
IA-8(4) – Identification and Authentication (Non-Organizational Users)
This control may be tailored out.
Recommended Continuous Monitoring Frequency: Annual
Program Frequency:
CONTINUOUS MONITORING STRATEGY
Click here to enter text.