Guidance for NIST 800-171 Assessment & Compliance

IA-8(5) IDENTIFICATION AND AUTHENTICATION | ACCEPTANCE OF PIV-I CREDENTIALS

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

(O)ther than satisfactory +##

###

ia-8(5)	identification and authentication \| acceptance of piv-i credentials
	assessment objective: Determine if the information system:
	ia-8(5)[1]	accepts Personal Identity Verification-I (PIV-I) credentials; and
	ia-8(5)[2]	electronically verifies Personal Identity Verification-I (PIV-I) credentials.
	potential assessment methods and objects: Examine: [select from: Identification and authentication policy; procedures addressing user identification and authentication; information system design documentation; information system configuration settings and associated documentation; information system audit records; PIV-I verification records; evidence of PIV-I credentials; PIV-I credential authorizations; other relevant documents or records]. Interview: [select from: Organizational personnel with information system operations responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers; organizational personnel with account management responsibilities]. Test: [select from: Automated mechanisms supporting and/or implementing identification and authentication capability; automated mechanisms that accept and verify PIV-I credentials].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056