CCI-001968

Defines the configuration management process that is to handle the device identification procedures.

Implementation Guidance

Determine if device identification and authentication are handled based on attestation by [IA-03(04)_ODP; configuration management process to be employed to handle device identification and authentication based on attestation is defined].

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; system security plan; procedures addressing device identification and authentication; procedures addressing device configuration management; system design documentation; system configuration settings and associated documentation; configuration management records; change control records; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with operational responsibilities for device identification and authentication; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting and/or implementing device identification and authentication capabilities; mechanisms supporting and/or implementing configuration management; cryptographic mechanisms supporting device attestation].

The controls below (if any) were marked by NIST as being related to CCI-001968.