
IA-9 Service Identification And Authentication

Technical

>Control Description

(A) The organization identifies and authenticates organization-defined information system services using organization-defined security safeguards.

>Supplemental Guidance

This control supports service-oriented architectures and other distributed architectural approaches requiring the identification and authentication of information system services. In such architectures, external services often appear dynamically. Therefore, information systems should be able to determine dynamically whether external providers and associated services are authentic.

Safeguards implemented by organizational information systems to validate provider and service authenticity include, for example, information or code signing, provenance graphs, and/or electronic signatures indicating or including the sources of services.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case-by-case basis.
