IA - Identification and Authentication

Inventory

Number Title Low Moderate High Privacy
IA-01 Policy and Procedures
IA-02 Identification and Authentication (Organizational Users)
IA-02(01) Multi-factor Authentication to Privileged Accounts
IA-02(02) Multi-factor Authentication to Non-privileged Accounts
IA-02(03) Local Access to Privileged Accounts Incorporated into IA-2.1.
IA-02(04) Local Access to Non-privileged Accounts Incorporated into IA-2.2.
IA-02(05) Individual Authentication with Group Authentication
IA-02(06) Access to Accounts — Separate Device
IA-02(07) Network Access to Non-privileged Accounts — Separate Device Incorporated into IA-2.6.
IA-02(08) Access to Accounts — Replay Resistant
IA-02(09) Network Access to Non-privileged Accounts — Replay Resistant Incorporated into IA-2.8.
IA-02(10) Single Sign-on
IA-02(11) Remote Access — Separate Device Incorporated into IA-2.6.
IA-02(12) Acceptance of PIV Credentials
IA-02(13) Out-of-band Authentication
IA-03 Device Identification and Authentication
IA-03(01) Cryptographic Bidirectional Authentication
IA-03(02) Cryptographic Bidirectional Network Authentication Incorporated into IA-3.1.
IA-03(03) Dynamic Address Allocation
IA-03(04) Device Attestation
IA-04 Identifier Management
IA-04(01) Prohibit Account Identifiers as Public Identifiers
IA-04(02) Supervisor Authorization Incorporated into IA-12.1.
IA-04(03) Multiple Forms of Certification Incorporated into IA-12.2.
IA-04(04) Identify User Status
IA-04(05) Dynamic Management
IA-04(06) Cross-organization Management
IA-04(07) In-person Registration Incorporated into IA-12.4.
IA-04(08) Pairwise Pseudonymous Identifiers
IA-04(09) Attribute Maintenance and Protection
IA-05 Authenticator Management
IA-05(01) Password-based Authentication
IA-05(02) Public Key-based Authentication
IA-05(03) In-person or Trusted External Party Registration Incorporated into IA-12.4.
IA-05(04) Automated Support for Password Strength Determination Incorporated into IA-5.1.
IA-05(05) Change Authenticators Prior to Delivery
IA-05(06) Protection of Authenticators
IA-05(07) No Embedded Unencrypted Static Authenticators
IA-05(08) Multiple System Accounts
IA-05(09) Federated Credential Management
IA-05(10) Dynamic Credential Binding
IA-05(11) Hardware Token-based Authentication Incorporated into IA-2.1 and IA-2.2.
IA-05(12) Biometric Authentication Performance
IA-05(13) Expiration of Cached Authenticators
IA-05(14) Managing Content of PKI Trust Stores
IA-05(15) GSA-approved Products and Services
IA-05(16) In-person or Trusted External Party Authenticator Issuance
IA-05(17) Presentation Attack Detection for Biometric Authenticators
IA-05(18) Password Managers
IA-06 Authentication Feedback
IA-07 Cryptographic Module Authentication
IA-08 Identification and Authentication (Non-organizational Users)
IA-08(01) Acceptance of PIV Credentials from Other Agencies
IA-08(02) Acceptance of External Authenticators
IA-08(03) Use of FICAM-approved Products Incorporated into IA-8.2.
IA-08(04) Use of Defined Profiles
IA-08(05) Acceptance of PIV-I Credentials
IA-08(06) Disassociability
IA-09 Service Identification and Authentication
IA-09(01) Information Exchange Incorporated into IA-9.
IA-09(02) Transmission of Decisions Incorporated into IA-9.
IA-10 Adaptive Authentication
IA-11 Re-authentication
IA-12 Identity Proofing
IA-12(01) Supervisor Authorization
IA-12(02) Identity Evidence
IA-12(03) Identity Evidence Validation and Verification
IA-12(04) In-person Validation and Verification
IA-12(05) Address Confirmation
IA-12(06) Accept Externally-proofed Identities
IA-13 Identity Providers and Authorization Servers
IA-13(01) Protection of Cryptographic Keys
IA-13(02) Verification of Identity Assertions and Access Tokens
IA-13(03) Token Management