OpenStack Platform 13 - Identification and Authentication

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
IA-1 Identification And Authentication Policy And Procedures

not applicable

IA-2 Identification And Authentication (Organizational Users)

complete

IA-2 (1) Network Access To Privileged Accounts

planned

IA-2 (2) Network Access To Non-Privileged Accounts

planned

IA-2 (3) Local Access To Privileged Accounts

planned

IA-2 (4) Local Access To Non-Privileged Accounts

planned

IA-2 (5) Group Authentication

complete

IA-2 (6) Network Access To Privileged Accounts - Separate Device
IA-2 (7) Network Access To Non-Privileged Accounts - Separate Device
IA-2 (8) Network Access To Privileged Accounts - Replay Resistant

planned

IA-2 (9) Network Access To Non-Privileged Accounts - Replay Resistant

planned

IA-2 (10) Single Sign-On
IA-2 (11) Remote Access - Separate Device

planned

IA-2 (12) Acceptance Of Piv Credentials

planned

IA-2 (13) Out-Of-Band Authentication
IA-3 Device Identification And Authentication

planned

IA-3 (1) Cryptographic Bidirectional Authentication
IA-3 (2) Cryptographic Bidirectional Network Authentication
IA-3 (3) Dynamic Address Allocation
IA-3 (4) Device Attestation
IA-4 Identifier Management

not applicable

IA-4 (1) Prohibit Account Identifiers As Public Identifiers
IA-4 (2) Supervisor Authorization
IA-4 (3) Multiple Forms Of Certification
IA-4 (4) Identify User Status

planned

IA-4 (5) Dynamic Management
IA-4 (6) Cross-Organization Management
IA-4 (7) In-Person Registration
IA-5 Authenticator Management

not applicable

IA-5 (1) Password-Based Authentication

not applicable

IA-5 (2) Pki-Based Authentication

planned

IA-5 (3) In-Person Or Trusted Third-Party Registration

not applicable

IA-5 (4) Automated Support For Password Strength Determination

not applicable

IA-5 (5) Change Authenticators Prior To Delivery
IA-5 (6) Protection Of Authenticators

planned

IA-5 (7) No Embedded Unencrypted Static Authenticators

planned

IA-5 (8) Multiple Information System Accounts
IA-5 (9) Cross-Organization Credential Management
IA-5 (10) Dynamic Credential Association
IA-5 (11) Hardware Token-Based Authentication

not applicable

IA-5 (12) Biometric-Based Authentication
IA-5 (13) Expiration Of Cached Authenticators

planned

IA-5 (14) Managing Content Of Pki Trust Stores
IA-5 (15) Ficam-Approved Products And Services
IA-6 Authenticator Feedback

complete

IA-7 Cryptographic Module Authentication

planned

IA-8 Identification And Authentication (Non-Organizational Users)

planned

IA-8 (1) Acceptance Of Piv Credentials From Other Agencies

planned

IA-8 (2) Acceptance Of Third-Party Credentials

planned

IA-8 (3) Use Of Ficam-Approved Products

planned

IA-8 (4) Use Of Ficam-Issued Profiles

planned

IA-8 (5) Acceptance Of Piv-I Credentials