💼 IA-2 Identification and Authentication (Organizational Users) (L)(M)(H)
- Contextual name: 💼 IA-2 Identification and Authentication (Organizational Users) (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/ia/02 - Located in: 💼 Identification and Authentication
Description​
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.
IA-2 Additional FedRAMP Requirements and Guidance:
Guidance: "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.
Requirement: For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B.
Requirement: Multi-factor authentication must be phishing-resistant.
Requirement: All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate.
Similar​
- Sections
/frameworks/nist-sp-800-53-r5/ia/02
- Internal
- ID:
dec-c-eb896af4
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 IA-2 Identification and Authentication (organizational Users) | 13 | 2 |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H) | 2 | |||
| 💼 IA-2(2) Multi-factor Authentication to Non-privileged Accounts (L)(M)(H) | 2 | |||
| 💼 IA-2(8) Access to Accounts — Replay Resistant (L)(M)(H) | 2 | |||
| 💼 IA-2(12) Acceptance of PIV Credentials (L)(M)(H) |