Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

ia-10

adaptive identification and authentication

assessment objective:

Determine if the organization:

ia-10[1]  

defines specific circumstances or situations that require individuals accessing the information system to employ supplemental authentication techniques or mechanisms;

ia-10[2]  

defines supplemental authentication techniques or mechanisms to be employed when accessing the information system under specific organization-defined circumstances or situations; and

ia-10[3]  

requires that individuals accessing the information system employ organization-defined supplemental authentication techniques or mechanisms under specific organization-defined circumstances or situations.

potential assessment methods and objects:

Examine: [SELECT FROM: Identification and authentication policy; procedures addressing adaptive/ supplemental identification and authentication techniques or mechanisms; security plan; information system design documentation; information system configuration settings and associated documentation; supplemental identification and authentication techniques or mechanisms; information system audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with information system operations responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers; organizational personnel with identification and authentication responsibilities].

Test: [select from: Automated mechanisms supporting and/or implementing identification and authentication capability].