Identification and Authentication (IA)

Level N/A

a. Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines; b. Resolve user identities to a unique individual; and c. Collect, validate, and verify identity evidence.

Login

Identification and Authentication (IA)

Require that the registration process to receive an account for logical access includes supervisor or sponsor authorization.

Login

Identification and Authentication (IA)

Require evidence of individual identification be presented to the registration authority.

Login

Identification and Authentication (IA)

Require that the presented identity evidence be validated and verified through [Assignment: organizational defined methods of validation and verification].

Login

Identification and Authentication (IA)

Require that the validation and verification of identity evidence be conducted in person before a designated registration authority.

Login

Identification and Authentication (IA)

Require that a [Selection: registration code; notice of proofing] be delivered through an out-of-band channel to verify the users address (physical or digital) of record.

Login

Identification and Authentication (IA)

Accept externally-proofed identities at [Assignment: organization-defined identity assurance level].

Login

Incident Response (IR)

a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]: 1. [Selection (one or more): Organization-level; Mission/business process-level; System-level] incident response policy that: (a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and 2. Procedures to facilitate the implementation of the incident response policy and the associated incident response controls; b. Designate an [Assignment: organization-defined official] to manage the development, documentation, and dissemination of the incident response policy and procedures; and c. Review and update the current incident response: 1. Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and 2. Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].

Login

Incident Response (IR)

a. Provide incident response training to system users consistent with assigned roles and responsibilities: 1. Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access; 2. When required by system changes; and 3. [Assignment: organization-defined frequency] thereafter; and b. Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].

Login

Incident Response (IR)

Incorporate simulated events into incident response training to facilitate the required response by personnel in crisis situations.

Login