💼 PR.AA-04: Identity assertions are protected, conveyed, and verified

• Contextual name: 💼 PR.AA-04: Identity assertions are protected, conveyed, and verified
• ID: /frameworks/nist-csf-v2.0/pr-aa/04
• Located in: 💼 Identity Management, Authentication, and Access Control (PR.AA)

Description

1. Protect identity assertions that are used to convey authentication and user information through single sign-on systems
2. Protect identity assertions that are used to convey authentication and user information between federated systems
3. Implement standards-based approaches for identity assertions in all contexts, and follow all guidance for the generation (e.g., data models, metadata), protection (e.g., digital signing, encryption), and verification (e.g., signature validation) of identity assertions

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags