CCI-002002

The organization defines the token quality requirements to be employed by the information system mechanisms for token-based authentication.

Implementation Guidance

DoDI 8520.03 defines types of authentication credentials that are acceptable for authentication to different systems based on the systems’ information sensitivity levels and the users’ access environments. The definitions for credential strengths D, E and H found in DoDI 8520.03 Enclosure 3, Section 3 specifically deal with acceptable types of hardware PKI credentials. DoD Components are automatically compliant with this CCI because they are covered by the DoD-level policy, DoDI 8520.03.

Validation Procedures

DoDI 8520.03 defines types of authentication credentials that are acceptable for authentication to different systems based on the systems’ information sensitivity levels and the users’ access environments. The definitions for credential strengths D, E and H found in DoDI 8520.03 Enclosure 3, Section 3 specifically deal with acceptable types of hardware PKI credentials. DoD Components are automatically compliant with this CCI because they are covered by the DoD-level policy, DoDI 8520.03.

Compelling Evidence

Automatically compliant per DoDI 8520.03

The controls below (if any) were marked by NIST as being related to CCI-002002.