IA-09 Service Identification and Authentication
Uniquely identify and authenticate ia-09_odp before establishing communications with devices, users, or other services or applications.
|ia-09_odp||system services and applications|
Services that may require identification and authentication include web applications using digital certificates or services or applications that query a database. Identification and authentication methods for system services and applications include information or code signing, provenance graphs, and electronic signatures that indicate the sources of services. Decisions regarding the validity of identification and authentication claims can be made by services separate from the services acting on those decisions. This can occur in distributed system architectures. In such situations, the identification and authentication decisions (instead of actual identifiers and authentication data) are provided to the services that need to act on those decisions.
Control Enhancements 2
- IA-09(01) Information Exchange
- IA-09(02) Transmission of Decisions
Related controls 4
- IA-03 Device Identification and Authentication L M H P
- IA-04 Identifier Management L M H P
- IA-05 Authenticator Management L M H P
- SC-08 Transmission Confidentiality and Integrity L M H P