>myctrl.tools
GitHub

IA-13Identity Providers And Authorization Servers

>Control Description

Employ identity providers and authorization servers to manage user, device, and non-person entity (NPE) identities, attributes, and access rights supporting authentication and authorization decisions in accordance with [Assignment: organization-defined identification and authentication policy] using [Assignment: organization-defined mechanisms].

>Supplemental Guidance

Identity providers, both internal and external to the organization, manage the user, device, and NPE authenticators and issue statements, often called identity assertions, attesting to identities of other systems or systems components. Authorization servers create and issue access tokens to identified and authenticated users and devices that can be used to gain access to system or information resources. For example, single sign-on (SSO) provides identity provider and authorization server functions. Authenticator management (to include credential management) is covered by IA-05.

>Related Controls

AC-3
IA-2
IA-3
IA-8
IA-9
IA-12

>Control Enhancements

IA-13(1)
IA-13(2)
IA-13(3)