
IA-3 Device Identification and Authentication

Impact levels: IL4 Mod, IL4 High, IL5, IL6

>Control Description

Uniquely identify and authenticate organization-defined devices and/or types of devices before establishing a [Selection (one or more): local; remote; network] connection.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Devices that require unique device-to-device identification and authentication are defined by type, device, or a combination of type and device. Organization-defined device types include devices that are not owned by the organization. Systems use shared known information (e.g., Media Access Control [MAC], Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.1x and Extensible Authentication Protocol [EAP], RADIUS server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify and authenticate devices on local and wide area networks.

Organizations determine the required strength of authentication mechanisms based on the security categories of systems and mission or business requirements. Because of the challenges of implementing device authentication on a large scale, organizations can restrict the application of the control to a limited number/type of devices based on mission or business needs.

>Programmatic Queries


Related Services

  • IoT Core
  • EC2 Instance Profiles
  • Systems Manager

CLI Commands

  • List IoT things: aws iot list-things
  • Check instance identity documents: aws ec2 describe-instances --query 'Reservations[*].Instances[*].{Id:InstanceId,Profile:IamInstanceProfile.Arn}'
  • List SSM managed instances: aws ssm describe-instance-information --query 'InstanceInformationList[*].{Id:InstanceId,Platform:PlatformType,Agent:AgentVersion}'
  • Check IoT certificates: aws iot list-certificates
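As an added example (not part of this page or of the AWS CLI), the following Python check cross-references the JSON output of the EC2 and SSM commands above to find instances that carry no instance-profile identity or were never registered with SSM, which is the kind of gap an IA-3 assessor asks about. The instance IDs, account number and profile ARNs are constructed sample data, not real captures.

```python
"""Cross-check EC2 and SSM inventory as IA-3 device-identity evidence."""
import json
from typing import Dict, List

# Constructed sample output (not real AWS data) of:
#   aws ec2 describe-instances --query \
#     'Reservations[*].Instances[*].{Id:InstanceId,Profile:IamInstanceProfile.Arn}'
# The --query projection is nested: one list per reservation.
EC2_SAMPLE = """
[[{"Id": "i-0aaa111", "Profile": "arn:aws:iam::123456789012:instance-profile/web"},
  {"Id": "i-0bbb222", "Profile": null}],
 [{"Id": "i-0ccc333", "Profile": "arn:aws:iam::123456789012:instance-profile/db"}]]
"""
# Constructed sample output of:
#   aws ssm describe-instance-information --query \
#     'InstanceInformationList[*].{Id:InstanceId,Platform:PlatformType,Agent:AgentVersion}'
SSM_SAMPLE = """
[{"Id": "i-0aaa111", "Platform": "Linux", "Agent": "3.2.0.0"},
 {"Id": "i-0ddd444", "Platform": "Windows", "Agent": "3.1.0.0"}]
"""


def flatten_ec2(raw: str) -> List[Dict]:
    """Flatten the per-reservation nesting of the describe-instances query."""
    return [inst for reservation in json.loads(raw) for inst in reservation]


def ia3_findings(ec2_raw: str, ssm_raw: str) -> Dict[str, List[str]]:
    """Return instance IDs that lack an IA-3 device-identity signal.

    no_profile : instances with no IAM instance profile, so no AWS-issued
                 identity the instance can present to other services.
    not_in_ssm : instances the SSM agent never registered, so there is no
                 authenticated management channel to confirm the device.
    ssm_only   : IDs SSM knows but EC2 inventory does not (hybrid nodes or
                 stale registrations); each needs a manual look.
    """
    ec2 = {i["Id"]: i.get("Profile") for i in flatten_ec2(ec2_raw)}
    ssm = {i["Id"] for i in json.loads(ssm_raw)}
    return {
        "no_profile": sorted(i for i, p in ec2.items() if not p),
        "not_in_ssm": sorted(set(ec2) - ssm),
        "ssm_only": sorted(ssm - set(ec2)),
    }


if __name__ == "__main__":
    # In practice, feed the real command output files in place of the samples.
    print(json.dumps(ia3_findings(EC2_SAMPLE, SSM_SAMPLE), indent=2))
```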

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of IA-3 (Device Identification And Authentication)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring IA-3?
  • How frequently is the IA-3 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures IA-3 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce IA-3 requirements.
  • What automated tools, systems, or technologies are deployed to implement IA-3?
  • How is IA-3 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce IA-3 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of IA-3?
  • What audit logs, records, reports, or monitoring data validate IA-3 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of IA-3 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate IA-3 compliance?
