CoreOS 4.x - Identification and Authentication

Control responses for NIST 800-53 rev4.

NOTE: All CoreOS content is under active development through the ComplianceAsCode Project. Do not consider this content production ready!


Requirements Traceability Matrix

Control Name Status
IA-1 Identification And Authentication Policy And Procedures (Status: not applicable)
IA-2 Identification And Authentication (Organizational Users)
IA-2 (1) Network Access To Privileged Accounts
IA-2 (2) Network Access To Non-Privileged Accounts
IA-2 (3) Local Access To Privileged Accounts
IA-2 (4) Local Access To Non-Privileged Accounts
IA-2 (5) Group Authentication
IA-2 (6) Network Access To Privileged Accounts - Separate Device
IA-2 (7) Network Access To Non-Privileged Accounts - Separate Device
IA-2 (8) Network Access To Privileged Accounts - Replay Resistant
IA-2 (9) Network Access To Non-Privileged Accounts - Replay Resistant
IA-2 (10) Single Sign-On
IA-2 (11) Remote Access - Separate Device
IA-2 (12) Acceptance Of PIV Credentials
IA-2 (13) Out-Of-Band Authentication
IA-3 Device Identification And Authentication
IA-3 (1) Cryptographic Bidirectional Authentication
IA-3 (2) Cryptographic Bidirectional Network Authentication
IA-3 (3) Dynamic Address Allocation
IA-3 (4) Device Attestation
IA-4 Identifier Management
IA-4 (1) Prohibit Account Identifiers As Public Identifiers
IA-4 (2) Supervisor Authorization
IA-4 (3) Multiple Forms Of Certification
IA-4 (4) Identify User Status
IA-4 (5) Dynamic Management
IA-4 (6) Cross-Organization Management
IA-4 (7) In-Person Registration
IA-5 Authenticator Management
IA-5 (1) Password-Based Authentication
IA-5 (2) PKI-Based Authentication
IA-5 (3) In-Person Or Trusted Third-Party Registration
IA-5 (4) Automated Support For Password Strength Determination
IA-5 (5) Change Authenticators Prior To Delivery
IA-5 (6) Protection Of Authenticators
IA-5 (7) No Embedded Unencrypted Static Authenticators
IA-5 (8) Multiple Information System Accounts
IA-5 (9) Cross-Organization Credential Management
IA-5 (10) Dynamic Credential Association
IA-5 (11) Hardware Token-Based Authentication
IA-5 (12) Biometric-Based Authentication
IA-5 (13) Expiration Of Cached Authenticators
IA-5 (14) Managing Content Of PKI Trust Stores
IA-5 (15) FICAM-Approved Products And Services
IA-6 Authenticator Feedback
IA-7 Cryptographic Module Authentication
IA-8 Identification And Authentication (Non-Organizational Users)
IA-8 (1) Acceptance Of PIV Credentials From Other Agencies
IA-8 (2) Acceptance Of Third-Party Credentials
IA-8 (3) Use Of FICAM-Approved Products
IA-8 (4) Use Of FICAM-Issued Profiles
IA-8 (5) Acceptance Of PIV-I Credentials
IA-9 Service Identification And Authentication
IA-9 (1) Information Exchange
IA-9 (2) Transmission Of Decisions
IA-10 Adaptive Identification And Authentication
IA-11 Re-Authentication



IA-1: Identification And Authentication Policy And Procedures

The organization:
a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. An identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls; and
b. Reviews and updates the current:
   1. Identification and authentication policy [Assignment: organization-defined frequency]; and
   2. Identification and authentication procedures [Assignment: organization-defined frequency].

IA-1 Control Response Information
Implementation Status:

not applicable

IA-1: What is the solution and how is it implemented?



IA-2: Identification And Authentication (Organizational Users)

“The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).”

IA-2 Control Response Information
Implementation Status: