GRR-1—DoD PKI authentication
IL4 Mod
IL4 High
IL5
IL6
>Control Description
How is the CSP/CSO support for DoD PKI authentication by DoD privileged and non-privileged users implemented? Response should include the processes and protocols used along with their implementation.
a) Does the CSO enforce DoD PKI (in accordance with DoDI 8520.03) for the authentication of both privileged and non-privileged users? This includes both the use of CAC physical tokens or Alt tokens, as well as DoD certificate revocation resources.
b) Is the CSO DoD PK-enabled for their customer ordering/service management portals for all service offerings?
c) If the CSO is a SaaS, is the CSO DoD PK-enabled for general DoD user access?
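As an added illustration of what a PK-enabled portal looks like in practice (example configuration written for this page, not taken from the SRG or from any CSP), the nginx listener below accepts only client certificates that chain to the DoD CAs and rejects revoked ones; every hostname and file path is an assumed placeholder.

```nginx
# Added example: portal listener enforcing DoD PKI client-certificate authentication.
server {
    listen 443 ssl;
    server_name portal.example.mil;                        # assumed hostname

    ssl_certificate     /etc/pki/tls/certs/portal.pem;     # assumed server certificate
    ssl_certificate_key /etc/pki/tls/private/portal.key;   # assumed server key

    # Trust anchors: a bundle of the DoD root and intermediate CAs (assumed path;
    # the bundle itself comes from the DoD-published PKI resources, not from here).
    ssl_client_certificate /etc/pki/dod/dod-ca-bundle.pem;
    ssl_verify_depth 3;

    # "optional" would be the weak setting: unauthenticated sessions still reach the app.
    # "on" makes nginx reject any request without a valid CAC/Alt-token certificate.
    ssl_verify_client on;

    # Revocation: concatenated CRLs fetched from the DoD revocation resources (assumed path).
    # Refresh them on a schedule and reload nginx; a stale CRL silently weakens this check.
    ssl_crl /etc/pki/dod/dod-crls.pem;
    ssl_ocsp on;        # nginx 1.19.4+: additionally OCSP-check the presented client chain

    location / {
        # Pass the verified identity to the application; never trust a client-supplied header.
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;                  # assumed backend
    }
}
```

The application behind the proxy should authorise on the subject passed in X-Client-DN only when X-Client-Verify is SUCCESS, which also gives the assessor the configuration and log evidence asked for under this control.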
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What documented policies and procedures address DoD PKI authentication?
- Who is accountable for implementing and maintaining DoD PKI authentication controls?
- How frequently are DoD PKI authentication requirements reviewed, and what triggers updates?
- What process ensures changes to systems maintain compliance with DoD PKI authentication requirements?
- How are exceptions to DoD PKI authentication requirements documented and approved?
Technical Implementation:
- What technical controls enforce DoD PKI authentication in your environment?
- How are DoD PKI authentication controls configured and maintained across all systems?
- What automated mechanisms support DoD PKI authentication compliance?
- How do you validate that DoD PKI authentication implementations achieve their intended security outcome?
- What compensating controls exist if primary DoD PKI authentication controls cannot be fully implemented?
Evidence & Documentation:
- What documentation proves DoD PKI authentication is implemented and operating effectively?
- Can you provide configuration evidence showing how DoD PKI authentication is technically enforced?
- What audit logs or monitoring data demonstrate ongoing DoD PKI authentication compliance?
- Can you show evidence of a recent review or assessment of DoD PKI authentication controls?
- What artifacts would you provide during an assessment to demonstrate DoD PKI authentication compliance?