Guidance for NIST 800-171 Assessment & Compliance
Table E-7: Tailoring Actions for Identification and Authentication Controls
NIST SP 800-53 MODERATE BASELINE SECURITY CONTROLS |
TAILORING |
|
IA-1 |
Identification and Authentication Policy and Procedures |
NFO |
IA-2 |
Identification and Authentication (Organizational Users) |
CUI |
IA-2(1) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | NETWORK ACCESS TO PRIVILEGED ACCOUNTS |
CUI |
IA-2(2) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | NETWORK ACCESS TO NON-PRIVILEGED ACCOUNTS |
CUI |
IA-2(3) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | LOCAL ACCESS TO PRIVILEGED ACCOUNTS |
CUI |
IA-2(8) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | NETWORK ACCESS TO PRIVILEGED ACCOUNTS - REPLAY RESISTANT |
CUI |
IA-2(9) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | NETWORK ACCESS TO NON-PRIVILEGED ACCOUNTS - REPLAY RESISTANT |
CUI |
IA-2(11) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | REMOTE ACCESS - SEPARATE DEVICE |
FED |
IA-2(12) |
IDENTIFICATION AND AUTHENTICATION (ORGANIZATIONAL USERS) | ACCEPTANCE OF PIV CREDENTIALS |
FED |
IA-3 |
Device Identification and Authentication |
NCO |
IA-4 |
Identifier Management |
CUI |
IA-5 |
Authenticator Management |
CUI |
IA-5(1) |
AUTHENTICATOR MANAGEMENT | PASSWORD-BASED AUTHENTICATION |
CUI |
IA-5(2) |
AUTHENTICATOR MANAGEMENT | PKI-BASED AUTHENTICATION |
FED |
IA-5(3) |
AUTHENTICATOR MANAGEMENT | IN-PERSON OR TRUSTED THIRD-PARTY REGISTRATION |
FED |
IA-5(11) |
AUTHENTICATOR MANAGEMENT | HARDWARE TOKEN-BASED AUTHENTICATION |
FED |
IA-6 |
Authenticator Feedback |
CUI |
IA-7 |
Cryptographic Module Authentication |
FED |
IA-8 |
Identification and Authentication (Non-Organizational Users) |
FED |
IA-8(1) |
IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES |
FED |
IA-8(2) |
IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | ACCEPTANCE OF THIRD-PARTY CREDENTIALS |
FED |
IA-8(3) |
IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | USE OF FICAM-APPROVED PRODUCTS |
FED |
IA-8(4) |
IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) | USE OF FICAM-ISSUED PROFILES |
FED |
