IA-10 Adaptive Authentication
Require individuals accessing the system to employ ia-10_odp.01 under specific ia-10_odp.02.
| Parameter ID | Definition |
|---|---|
| ia-10_odp.01 | supplemental authentication techniques or mechanisms |
| ia-10_odp.02 | circumstances or situations |
Baselines
- L
- M
- H
- P
Guidance
Adversaries may compromise individual authentication mechanisms employed by organizations and subsequently attempt to impersonate legitimate users. To address this threat, organizations may employ specific techniques or mechanisms and establish protocols to assess suspicious behavior. Suspicious behavior may include accessing information that individuals do not typically access as part of their duties, roles, or responsibilities; accessing greater quantities of information than individuals would routinely access; or attempting to access information from suspicious network addresses. When pre-established conditions or triggers occur, organizations can require individuals to provide additional authentication information. Another potential use for adaptive authentication is to increase the strength of mechanism based on the number or types of records being accessed. Adaptive authentication does not replace and is not used to avoid the use of multi-factor authentication mechanisms but can augment implementations of multi-factor authentication.
References 1
- SP 800-63-3 Grassi PA, Garcia ME, Fenton JL (2017) Digital Identity Guidelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-63-3, Includes updates as of March 2, 2020.
Related controls 2
- IA-02 Identification and Authentication (Organizational Users) L M H P
- IA-08 Identification and Authentication (Non-organizational Users) L M H P