CCI-004075

Defines types of and/or specific authenticators to be conducted in person or by a trusted external party before the organization-defined registration authority.

Implementation Guidance

Determine if the issuance of [IA-05(16)_ODP[01]; types of and/or specific authenticators to be issued are defined] is required to be conducted [IA-05(16)_ODP[02]; one of the following PARAMETER VALUES is selected: {in person; by a trusted external party}] before [IA-05(16)_ODP[03]; the registration authority that issues authenticators is defined] with authorization by [IA-05(16)_ODP[04]; the personnel or roles who authorize the issuance of authenticators are defined].

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; procedures addressing identifier management; system security plan; system design documentation; mechanisms providing dynamic binding of identifiers and authenticators; system configuration settings and associated documentation; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with identification and authentication management responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting and/or implementing account management capability; mechanisms supporting and/or implementing identification and authentication management capabilities for the system].

The controls below (if any) were marked by NIST as being related to CCI-004075.