Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

ia-5(15)

authenticator management  | ficam-approved products and services

assessment objective:

Determine if the organization uses only FICAM-approved path discovery and validation products and services.

potential assessment methods and objects:

Examine: [SELECT FROM: Identification and authentication policy; procedures addressing identifier management; security plan; information system design documentation; automated mechanisms providing dynamic binding of identifiers and authenticators; information system configuration settings and associated documentation; information system audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with identification and authentication management responsibilities; organizational personnel with information security responsibilities; system/network administrators].

Test: [select from: Automated mechanisms supporting and/or implementing account management capability; automated mechanisms supporting and/or implementing identification and authentication management capability for the information system].