| πΌ IA-1 Policy and Procedures | | | | | no data |
| πΌ IA-2 Identification and Authentication (organizational Users) | 13 | | 3 | | no data |
| γπΌ IA-2(1) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Privileged Accounts | | | 3 | | no data |
| γπΌ IA-2(2) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Non-privileged Accounts | | | 3 | | no data |
| γπΌ IA-2(3) Identification and Authentication (organizational Users) _ Local Access to Privileged Accounts | | | | | no data |
| γπΌ IA-2(4) Identification and Authentication (organizational Users) _ Local Access to Non-privileged Accounts | | | | | no data |
| γπΌ IA-2(5) Identification and Authentication (organizational Users) _ Individual Authentication with Group Authentication | | | | | no data |
| γπΌ IA-2(6) Identification and Authentication (organizational Users) _ Access to Accounts βseparate Device | | | 3 | | no data |
| γπΌ IA-2(7) Identification and Authentication (organizational Users) _ Network Access to Non-privileged Accounts β Separate Device | | | | | no data |
| γπΌ IA-2(8) Identification and Authentication (organizational Users) _ Access to Accounts β Replay Resistant | | | 3 | | no data |
| γπΌ IA-2(9) Identification and Authentication (organizational Users) _ Network Access to Non-privileged Accounts β Replay Resistant | | | | | no data |
| γπΌ IA-2(10) Identification and Authentication (organizational Users) _ Single Sign-on | | | | | no data |
| γπΌ IA-2(11) Identification and Authentication (organizational Users) _ Remote Access β Separate Device | | | | | no data |
| γπΌ IA-2(12) Identification and Authentication (organizational Users) _ Acceptance of PIV Credentials | | | | | no data |
| γπΌ IA-2(13) Identification and Authentication (organizational Users) _ Out-of-band Authentication | | | | | no data |
| πΌ IA-3 Device Identification and Authentication | 4 | | | | no data |
| γπΌ IA-3(1) Device Identification and Authentication _ Cryptographic Bidirectional Authentication | | | | | no data |
| γπΌ IA-3(2) Device Identification and Authentication _ Cryptographic Bidirectional Network Authentication | | | | | no data |
| γπΌ IA-3(3) Device Identification and Authentication _ Dynamic Address Allocation | | | | | no data |
| γπΌ IA-3(4) Device Identification and Authentication _ Device Attestation | | | | | no data |
| πΌ IA-4 Identifier Management | 9 | | | | no data |
| γπΌ IA-4(1) Identifier Management _ Prohibit Account Identifiers as Public Identifiers | | | | | no data |
| γπΌ IA-4(2) Identifier Management _ Supervisor Authorization | | | | | no data |
| γπΌ IA-4(3) Identifier Management _ Multiple Forms of Certification | | | | | no data |
| γπΌ IA-4(4) Identifier Management _ Identify User Status | | | | | no data |
| γπΌ IA-4(5) Identifier Management _ Dynamic Management | | | | | no data |
| γπΌ IA-4(6) Identifier Management _ Cross-organization Management | | | | | no data |
| γπΌ IA-4(7) Identifier Management _ In-person Registration | | | | | no data |
| γπΌ IA-4(8) Identifier Management _ Pairwise Pseudonymous Identifiers | | | | | no data |
| γπΌ IA-4(9) Identifier Management _ Attribute Maintenance and Protection | | | | | no data |
| πΌ IA-5 Authenticator Management | 18 | | 16 | | no data |
| γπΌ IA-5(1) Authenticator Management _ Password-based Authentication | | | 8 | | no data |
| γπΌ IA-5(2) Authenticator Management _ Public Key-based Authentication | | | | | no data |
| γπΌ IA-5(3) Authenticator Management _ In-person or Trusted External Party Registration | | | | | no data |
| γπΌ IA-5(4) Authenticator Management _ Automated Support for Password Strength Determination | | | | | no data |
| γπΌ IA-5(5) Authenticator Management _ Change Authenticators Prior to Delivery | | | | | no data |
| γπΌ IA-5(6) Authenticator Management _ Protection of Authenticators | | | | | no data |
| γπΌ IA-5(7) Authenticator Management _ No Embedded Unencrypted Static Authenticators | | | | | no data |
| γπΌ IA-5(8) Authenticator Management _ Multiple System Accounts | | | | | no data |
| γπΌ IA-5(9) Authenticator Management _ Federated Credential Management | | | | | no data |
| γπΌ IA-5(10) Authenticator Management _ Dynamic Credential Binding | | | | | no data |
| γπΌ IA-5(11) Authenticator Management _ Hardware Token-based Authentication | | | | | no data |
| γπΌ IA-5(12) Authenticator Management _ Biometric Authentication Performance | | | | | no data |
| γπΌ IA-5(13) Authenticator Management _ Expiration of Cached Authenticators | | | | | no data |
| γπΌ IA-5(14) Authenticator Management _ Managing Content of PKI Trust Stores | | | | | no data |
| γπΌ IA-5(15) Authenticator Management _ GSA-approved Products and Services | | | | | no data |
| γπΌ IA-5(16) Authenticator Management _ In-person or Trusted External Party Authenticator Issuance | | | | | no data |
| γπΌ IA-5(17) Authenticator Management _ Presentation Attack Detection for Biometric Authenticators | | | | | no data |
| γπΌ IA-5(18) Authenticator Management _ Password Managers | | | | | no data |
| πΌ IA-6 Authentication Feedback | | | | | no data |
| πΌ IA-7 Cryptographic Module Authentication | | | | | no data |
| πΌ IA-8 Identification and Authentication (non-organizational Users) | 6 | | | | no data |
| γπΌ IA-8(1) Identification and Authentication (non-organizational Users) _ Acceptance of PIV Credentials from Other Agencies | | | | | no data |
| γπΌ IA-8(2) Identification and Authentication (non-organizational Users) _ Acceptance of External Authenticators | | | | | no data |
| γπΌ IA-8(3) Identification and Authentication (non-organizational Users) _ Use of FICAM-approved Products | | | | | no data |
| γπΌ IA-8(4) Identification and Authentication (non-organizational Users) _ Use of Defined Profiles | | | | | no data |
| γπΌ IA-8(5) Identification and Authentication (non-organizational Users) _ Acceptance of PVI-I Credentials | | | | | no data |
| γπΌ IA-8(6) Identification and Authentication (non-organizational Users) _ Disassociability | | | | | no data |
| πΌ IA-9 Service Identification and Authentication | 2 | | | | no data |
| γπΌ IA-9(1) Service Identification and Authentication _ Information Exchange | | | | | no data |
| γπΌ IA-9(2) Service Identification and Authentication _ Transmission of Decisions | | | | | no data |
| πΌ IA-10 Adaptive Authentication | | | | | no data |
| πΌ IA-11 Re-authentication | | | | | no data |
| πΌ IA-12 Identity Proofing | 6 | | | | no data |
| γπΌ IA-12(1) Identity Proofing _ Supervisor Authorization | | | | | no data |
| γπΌ IA-12(2) Identity Proofing _ Identity Evidence | | | | | no data |
| γπΌ IA-12(3) Identity Proofing _ Identity Evidence Validation and Verification | | | | | no data |
| γπΌ IA-12(4) Identity Proofing _ In-person Validation and Verification | | | | | no data |
| γπΌ IA-12(5) Identity Proofing _ Address Confirmation | | | | | no data |
| γπΌ IA-12(6) Identity Proofing _ Accept Externally-proofed Identities | | | | | no data |