CCI-000187

The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.

Implementation Guidance

The information system performing PKI-based authentication must be configured to map the authenticated PKI credential to a corresponding network or information system account or role in accordance with DoDI 8520.03. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 187.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed has configured the information system to map authenticated PKI credentials to corresponding network or information system accounts or roles in accordance with DoDI 8520.03. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 187.

Compelling Evidence

1.) Signed and dated SOP/TTP for configuring the information system mapping of the authenticated PKI credentials to a corresponding network or information system account or role in accordance with DoDI 8520.03. 2.) Applicable STIG/SRG checks

The controls below (if any) were marked by NIST as being related to CCI-000187.