CCI-002034

The organization defines the supplemental authentication techniques or mechanisms to be employed in specific organization-defined circumstances or situations by individuals accessing the information system.

Implementation Guidance

The organization being inspected/assessed defines and documents the supplemental authentication techniques or mechanisms to be employed in specific organization-defined circumstances or situations by individuals accessing the information system. DoD has determined the supplemental authentication techniques or mechanisms are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented supplemental authentication techniques or mechanisms to ensure they have been defined. DoD has determined the supplemental authentication techniques or mechanisms are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated SOP/TTP defining and documenting the specific circumstances or situations when individuals accessing an information system employ organization-defined supplemental authentication techniques or mechanisms to be employed by individuals accessing the information system.

The controls below (if any) were marked by NIST as being related to CCI-002034.