Navigate

AC-4 (17)

AC-4 (17): Domain Authentication

The information system uniquely identifies and authenticates source and destination points by [Selection (one or more): organization, system, application, individual] for information transfer.

Supplemental

Attribution is a critical component of a security concept of operations. The ability to identify source and destination points for information flowing in information systems, allows the forensic reconstruction of events when required, and encourages policy compliance by attributing policy violations to specific organizations/individuals. Successful domain authentication requires that information system labels distinguish among systems, organizations, and individuals involved in preparing, sending, receiving, or disseminating information.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Multilevel), Cross Domain (Transfer), Privacy (High), Privacy (Mod)

Related Controls

The controls below (if any) were marked by NIST as being related to AC-4 (17).

Control	Description
IA-2	The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
IA-3	The information system uniquely identifies and authenticates [Assignment: organization-defined specific and/or types of devices] before establishing a [Selection (one or more): local; remote; network] connection.
IA-4	The organization manages information system identifiers by: IA-4a.: Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, or device identifier; IA-4b.: Selecting an identifier that identifies an individual, group, role, or device; IA-4c.: Assigning the identifier to the intended individual, group, role, or device; IA-4d.: Preventing reuse of identifiers for [Assignment: organization-defined time period]; and IA-4e.: Disabling the identifier after [Assignment: organization-defined time period of inactivity].
IA-5	The organization manages information system authenticators by: IA-5a.: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator; IA-5b.: Establishing initial authenticator content for authenticators defined by the organization; IA-5c.: Ensuring that authenticators have sufficient strength of mechanism for their intended use; IA-5d.: Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators; IA-5e.: Changing default content of authenticators prior to information system installation; IA-5f.: Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators; IA-5g.: Changing/refreshing authenticators [Assignment: organization-defined time period by authenticator type]; IA-5h.: Protecting authenticator content from unauthorized disclosure and modification; IA-5i.: Requiring individuals to take, and having devices implement, specific security safeguards to protect authenticators; and IA-5j.: Changing authenticators for group/role accounts when membership to those accounts changes.

Enhancements

The controls below (if any) add on to the requirements of AC-4 (17).

Control	Description
No controls

Related CCIs

The CCIs below are tied to AC-4 (17).

CCI	Definition
CCI-002205	The information system uniquely identifies and authenticates source by organization, system, application, and/or individual for information transfer.
CCI-002206	The information system uniquely authenticates source by organization, system, application, and/or individual for information transfer.
CCI-002207	The information system uniquely identifies and authenticates destination by organization, system, application, and/or individual for information transfer.
CCI-002208	The information system uniquely authenticates destination by organization, system, application, and/or individual for information transfer.