Navigate

IA-5(16)

IA-5(16): In-person or Trusted External Party Authenticator Issuance

Require that the issuance of [types of and/or specific authenticators to be issued are defined;] be conducted [one of "in person"/"by a trusted external party"] before [the registration authority that issues authenticators is defined;] with authorization by [the personnel or roles who authorize the issuance of authenticators are defined;].

Supplemental

Issuing authenticators in person or by a trusted external party enhances and reinforces the trustworthiness of the identity proofing process.

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to IA-5(16).

Control	Description
IA-12	a: Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines; b: Resolve user identities to a unique individual; and c: Collect, validate, and verify identity evidence.

Enhancements

The controls below (if any) add on to the requirements of IA-5(16).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IA-5(16).

CCI	Definition
CCI-004074	Require that the issuance of organization-defined types of and/or specific authenticators be conducted in person or by a trusted external party before the organization-defined registration authority with authorization by organization-defined personnel or roles.
CCI-004075	Defines types of and/or specific authenticators to be conducted in person or by a trusted external party before the organization-defined registration authority.
CCI-004076	Defines the registration authority who conducts the issuance of organization-defined types of and/or specific authenticators.
CCI-004077	Defines the personnel or roles who authorize the issuance of organization-defined types of and/or specific authenticators.