πΌ IA-2 Identification and Authentication (Organizational Users) (L)(M)(H)
- Contextual name: πΌ IA-2 Identification and Authentication (Organizational Users) (L)(M)(H)
- ID:
/frameworks/fedramp-low-security-controls/ia/02 - Located in: πΌ Identification and Authentication
Descriptionβ
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.
IA-2 Additional FedRAMP Requirements and Guidance:
Guidance: "Phishing-resistant" authentication refers to authentication processes designed to detect and prevent disclosure of authentication secrets and outputs to a website or application masquerading as a legitimate system.
Requirement: For all control enhancements that specify multifactor authentication, the implementation must adhere to the Digital Identity Guidelines specified in NIST Special Publication 800-63B.
Requirement: Multi-factor authentication must be phishing-resistant.
Requirement: All uses of encrypted virtual private networks must meet all applicable Federal requirements and architecture, dataflow, and security and privacy controls must be documented, assessed, and authorized to operate.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/ia/02
- Internal
- ID:
dec-c-eb896af4
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ IA-2 Identification and Authentication (organizational Users) | 13 | 2 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H) | 2 | |||
| πΌ IA-2(2) Multi-factor Authentication to Non-privileged Accounts (L)(M)(H) | 2 | |||
| πΌ IA-2(8) Access to Accounts β Replay Resistant (L)(M)(H) | 2 | |||
| πΌ IA-2(12) Acceptance of PIV Credentials (L)(M)(H) |