Prohibit the use of cached authenticators after [Assignment: organization-defined time period].
For PKI-based authentication, employ an organization-wide methodology for managing the content of PKI trust stores installed across all platforms, including networks, operating systems, browsers, and applications.
Use only General Services Administration-approved products and services for identity, credential, and access management.
Require that the issuance of [Assignment: organization-defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted external party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles].
Employ presentation attack detection mechanisms for biometric-based authentication.
(a) Employ [Assignment: organization-defined password managers] to generate and manage passwords; and (b) Protect the passwords using [Assignment: organization-defined controls].
Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.
Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.
Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.
Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies.