Home / Frameworks / GovRAMP / IA — Identification and Authentication

IA — Identification and Authentication

19 controls in the Identification and Authentication family

IA-01Policy and Procedures

IA-02Identification and Authentication (organizational Users)

IA-02(01)Identification and Authentication (organizational Users) | Multi-factor Authentication to Privileged Accounts

IA-02(02)Identification and Authentication (organizational Users) | Multi-factor Authentication to Non-privileged Accounts

IA-02(05)Identification and Authentication (organizational Users) | Individual Authentication with Group Authentication

IA-02(08)Identification and Authentication (organizational Users) | Access to Accounts — Replay Resistant

IA-03Device Identification and Authentication

IA-04Identifier Management

IA-04(04)Identifier Management | Identify User Status

IA-05Authenticator Management

IA-05(01)Authenticator Management | Password-based Authentication

IA-05(02)Authenticator Management | Public Key-based Authentication

IA-05(06)Authenticator Management | Protection of Authenticators

IA-05(07)Authenticator Management | No Embedded Unencrypted Static Authenticators

IA-06Authentication Feedback

IA-07Cryptographic Module Authentication

IA-08Identification and Authentication (non-organizational Users)

IA-08(02)Identification and Authentication (non-organizational Users) | Acceptance of External Authenticators

IA-08(04)Identification and Authentication (non-organizational Users) | Use of Defined Profiles

← Back to all controls