Under active development Content is continuously updated and improved

IA-3(4)Device Identification And Authentication

Technical

>Control Description

DEVICE IDENTIFICATION AND AUTHENTICATION | DEVICE ATTESTATION The organization ensures that device identification and authentication based on attestation is handled by organization-defined configuration management process.

>Supplemental Guidance

Device attestation refers to the identification and authentication of a device based on its configuration and known operating state. This might be determined via some cryptographic hash of the device. If device attestation is the means of identification and authentication, then it is important that patches and updates to the device are handled via a configuration management process such that those patches/updates are done securely and at the same time do not disrupt the identification and authentication to other devices.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis.

Ask AI

Configure your API key to use AI features.