Under active development — Content is continuously updated and improved

Home / Frameworks / NIST SP 800-53 / IA — Identification and Authentication

IA — Identification and Authentication

74 controls in the Identification and Authentication family

IA-1Policy And Procedures

IA-2Identification And Authentication (Organizational Users)

IA-2(1)Multi-Factor Authentication To Privileged Accounts

IA-2(2)Multi-Factor Authentication To Non-Privileged Accounts

IA-2(3)Local Access To Privileged Accounts

IA-2(4)Local Access To Non-Privileged Accounts

IA-2(5)Individual Authentication With Group Authentication

IA-2(6)Access To Accounts --Separate Device

IA-2(7)Network Access To Non-Privileged Accounts -- Separate Device

IA-2(8)Access To Accounts -- Replay Resistant

IA-2(9)Network Access To Non-Privileged Accounts -- Replay Resistant

IA-2(10)Single Sign-On

IA-2(11)Remote Access -- Separate Device

IA-2(12)Acceptance Of Piv Credentials

IA-2(13)Out-Of-Band Authentication

IA-3Device Identification And Authentication

IA-3(1)Cryptographic Bidirectional Authentication

IA-3(2)Cryptographic Bidirectional Network Authentication

IA-3(3)Dynamic Address Allocation

IA-3(4)Device Attestation

IA-4Identifier Management

IA-4(1)Prohibit Account Identifiers As Public Identifiers

IA-4(2)Supervisor Authorization

IA-4(3)Multiple Forms Of Certification

IA-4(4)Identify User Status

IA-4(5)Dynamic Management

IA-4(6)Cross-Organization Management

IA-4(7)In-Person Registration

IA-4(8)Pairwise Pseudonymous Identifiers

IA-4(9)Attribute Maintenance And Protection

IA-5Authenticator Management

IA-5(1)Password-Based Authentication

IA-5(2)Public Key-Based Authentication

IA-5(3)In-Person Or Trusted External Party Registration

IA-5(4)Automated Support For Password Strength Determination

IA-5(5)Change Authenticators Prior To Delivery

IA-5(6)Protection Of Authenticators

IA-5(7)No Embedded Unencrypted Static Authenticators

IA-5(8)Multiple System Accounts

IA-5(9)Federated Credential Management

IA-5(10)Dynamic Credential Binding

IA-5(11)Hardware Token-Based Authentication

IA-5(12)Biometric Authentication Performance

IA-5(13)Expiration Of Cached Authenticators

IA-5(14)Managing Content Of Pki Trust Stores

IA-5(15)Gsa-Approved Products And Services

IA-5(16)In-Person Or Trusted External Party Authenticator Issuance

IA-5(17)Presentation Attack Detection For Biometric Authenticators

IA-5(18)Password Managers

IA-6Authentication Feedback

IA-7Cryptographic Module Authentication

IA-8Identification And Authentication (Non-Organizational Users)

IA-8(1)Acceptance Of Piv Credentials From Other Agencies

IA-8(2)Acceptance Of External Authenticators

IA-8(3)Use Of Ficam-Approved Products

IA-8(4)Use Of Defined Profiles

IA-8(5)Acceptance Of Piv-I Credentials

IA-8(6)Disassociability

IA-9Service Identification And Authentication

IA-9(1)Information Exchange

IA-9(2)Transmission Of Decisions

IA-10Adaptive Authentication

IA-11Re-Authentication

IA-12Identity Proofing

IA-12(1)Supervisor Authorization

IA-12(2)Identity Evidence

IA-12(3)Identity Evidence Validation And Verification

IA-12(4)In-Person Validation And Verification

IA-12(5)Address Confirmation

IA-12(6)Accept Externally-Proofed Identities

IA-13Identity Providers And Authorization Servers

IA-13(1)Protection Of Cryptographic Keys

IA-13(2)Verification Of Identity Assertions And Access Tokens

IA-13(3)Token Management

← Back to all controls