Joint task force transformation initiative


P1 LOW IA-8 (1) (2) (3) (4)



Download 5.8 Mb.
Page92/186
Date31.01.2017
Size5.8 Mb.
#13082
1   ...   88   89   90   91   92   93   94   95   ...   186

P1

LOW IA-8 (1) (2) (3) (4)

MOD IA-8 (1) (2) (3) (4)

HIGH IA-8 (1) (2) (3) (4)



IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION


Control: The organization identifies and authenticates [Assignment: organization-defined information system services] using [Assignment: organization-defined security safeguards].

Supplemental Guidance: This control supports service-oriented architectures and other distributed architectural approaches requiring the identification and authentication of information system services. In such architectures, external services often appear dynamically. Therefore, information systems should be able to determine in a dynamic manner, if external providers and associated services are authentic. Safeguards implemented by organizational information systems to validate provider and service authenticity include, for example, information or code signing, provenance graphs, and/or electronic signatures indicating or including the sources of services.

Control Enhancements:

  1. service identification and authentication | information exchange

The organization ensures that service providers receive, validate, and transmit identification and authentication information.

  1. service identification and authentication | transmission of decisions

The organization ensures that identification and authentication decisions are transmitted between [Assignment: organization-defined services] consistent with organizational policies.

Supplemental Guidance: For distributed architectures (e.g., service-oriented architectures), the decisions regarding the validation of identification and authentication claims may be made by services separate from the services acting on those decisions. In such situations, it is necessary to provide the identification and authentication decisions (as opposed to the actual identifiers and authenticators) to the services that need to act on those decisions. Related control: SC-8.

References: None.

Priority and Baseline Allocation:

P0

LOW Not Selected

MOD Not Selected

HIGH Not Selected



IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION


Control: The organization requires that individuals accessing the information system employ [Assignment: organization-defined supplemental authentication techniques or mechanisms] under specific [Assignment: organization-defined circumstances or situations].

Supplemental Guidance: Adversaries may compromise individual authentication mechanisms and subsequently attempt to impersonate legitimate users. This situation can potentially occur with any authentication mechanisms employed by organizations. To address this threat, organizations may employ specific techniques/mechanisms and establish protocols to assess suspicious behavior (e.g., individuals accessing information that they do not typically access as part of their normal duties, roles, or responsibilities, accessing greater quantities of information than the individuals would routinely access, or attempting to access information from suspicious network addresses). In these situations when certain preestablished conditions or triggers occur, organizations can require selected individuals to provide additional authentication information. Another potential use for adaptive identification and authentication is to increase the strength of mechanism based on the number and/or types of records being accessed. Related controls: AU-6, SI-4.

Control Enhancements: None.

References: None.

Priority and Baseline Allocation:

P0

LOW Not Selected

MOD Not Selected

HIGH Not Selected


Directory: publications
publications -> Acm word Template for sig site
publications ->  Preparation of Papers for ieee transactions on medical imaging
publications -> Adjih, C., Georgiadis, L., Jacquet, P., & Szpankowski, W. (2006). Multicast tree structure and the power law
publications -> Swiss Federal Institute of Technology (eth) Zurich Computer Engineering and Networks Laboratory
publications -> Quantitative skills
publications -> Multi-core cpu and gpu implementation of Discrete Periodic Radon Transform and Its Inverse
publications -> List of Publications Department of Mechanical Engineering ucek, jntu kakinada
publications -> 1. 2 Authority 1 3 Planning Area 1
publications -> Sa michelson, 2011: Impact of Sea-Spray on the Atmospheric Surface Layer. Bound. Layer Meteor., 140 ( 3 ), 361-381, doi: 10. 1007/s10546-011-9617-1, issn: Jun-14, ids: 807TW, sep 2011 Bao, jw, cw fairall, sa michelson

Download 5.8 Mb.

Share with your friends:
1   ...   88   89   90   91   92   93   94   95   ...   186




The database is protected by copyright ©ininet.org 2024
send message

    Main page