IA-2(12)—Identification And Authentication (Organizational Users)

This control enhancement applies to organizations implementing logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. TBS does not mandate the use of PIV cards, but CSE recommends them as an identity credential.

Related controls: AU-2, PE-3, SA-4.