Skip to main content

πŸ’Ό IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES

  • Contextual name: πŸ’Ό IA-1 IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES
  • ID: /frameworks/nist-sp-800-53-r4/ia/01
  • Located in: πŸ’Ό IA IDENTIFICATION AND AUTHENTICATION

Description​

The organization: IA-1a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: IA-1a.1. An identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and IA-1a.2. Procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls; and IA-1b. Reviews and updates the current: IA-1b.1. Identification and authentication policy [Assignment: organization-defined frequency]; and IA-1b.2. Identification and authentication procedures [Assignment: organization-defined frequency].

Similar​

  • Internal
    • ID: dec-c-81e608ff

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.GV-1: Organizational cybersecurity policy is established and communicated
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed22
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes1922
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions48
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)1922

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags