| 💼 IA-1 Policy and Procedures (L)(M)(H) | | | | |
| 💼 IA-2 Identification and Authentication (Organizational Users) (L)(M)(H) | 6 | | 1 | |
|     💼 IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H) | | | 2 | |
|     💼 IA-2(2) Multi-factor Authentication to Non-privileged Accounts (L)(M)(H) | | | 2 | |
|     💼 IA-2(5) Individual Authentication with Group Authentication (M)(H) | | | | |
|     💼 IA-2(6) Access to Accounts —separate Device (M)(H) | | | 2 | |
|     💼 IA-2(8) Access to Accounts — Replay Resistant (L)(M)(H) | | | 2 | |
|     💼 IA-2(12) Acceptance of PIV Credentials (L)(M)(H) | | | | |
| 💼 IA-3 Device Identification and Authentication (M)(H) | | | | |
| 💼 IA-4 Identifier Management (L)(M)(H) | 1 | | 1 | |
|     💼 IA-4(4) Identify User Status (M)(H) | | | | |
| 💼 IA-5 Authenticator Management (L)(M)(H) | 4 | | 25 | |
|     💼 IA-5(1) Password-based Authentication (L)(M)(H) | | | 8 | |
|     💼 IA-5(2) Public Key-based Authentication (M)(H) | | | 1 | |
|     💼 IA-5(6) Protection of Authenticators (M)(H) | | | | |
|     💼 IA-5(7) No Embedded Unencrypted Static Authenticators (M)(H) | | | | |
| 💼 IA-6 Authentication Feedback (L)(M)(H) | | | 1 | |
| 💼 IA-7 Cryptographic Module Authentication (L)(M)(H) | | | | |
| 💼 IA-8 Identification and Authentication (Non-organizational Users) (L)(M)(H) | 3 | | | |
|     💼 IA-8(1) Acceptance of PIV Credentials from Other Agencies (L)(M)(H) | | | | |
|     💼 IA-8(2) Acceptance of External Authenticators (L)(M)(H) | | | | |
|     💼 IA-8(4) Use of Defined Profiles (L)(M)(H) | | | | |
| 💼 IA-11 Re-authentication (L)(M)(H) | | | | |
| 💼 IA-12 Identity Proofing (M)(H) | 3 | | | |
|     💼 IA-12(2) Identity Evidence (M)(H) | | | | |
|     💼 IA-12(3) Identity Evidence Validation and Verification (M)(H) | | | | |
|     💼 IA-12(5) Address Confirmation (M)(H) | | | | |