Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
IA-2
User identification
and authentication
The information system uniquely
identifies and authenticates users
(or processes acting on behalf of
users).
IA-3
Device identification
and authentication
The information system identifies
and authenticates specific devices
before establishing a connection.
IA-4
Identiier
management
The organization manages user
identifiers by: (i) uniquely
identifying each user; (ii) verifying
the identity of each user; (iii)
receiving authorization to issue a
user identifier from an
appropriate organization official;
(iv) issuing the user identifier to
the intended party; (v) disabling
the user identifier after
[assignment: organization-
defined time period] of inactivity;
and (vi) archiving user identifiers.
IA-5
Authenticator
management
The organization manages
information system authenticators
by: (i) defining initial
authenticator content; (ii)
establishing administrative
procedures for initial
authenticator distribution, for
lost/compromised or damaged
authenticators, and for revoking
authenticators; (iii) changing
default authenticators upon
information system installation;
and (iv) changing/refreshing
authenticators periodically.
IA-6
Authenticator
feedback
The information system obscures
feedback of authentication
information during the
authentication process to protect
the information from possible
exploitation/use by unauthorized
individuals.
