Navigate

IA-7

IA-7: Cryptographic Module Authentication

The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Supplemental

Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.

CIA Levels
Confidentiality	high
Integrity	high
Availability	unknown

Overlays
Privacy (High), Privacy (Low), Privacy (Mod), Privacy (PHI)

CSF Categories
PR.AC-1

Related Controls

The controls below (if any) were marked by NIST as being related to IA-7.

Control	Description
SC-12	The organization establishes and manages cryptographic keys for required cryptography employed within the information system in accordance with [organization-defined requirements for key generation, distribution, storage, access, and destruction].
SC-13	The information system implements [organization-defined cryptographic uses and type of cryptography required for each use] in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Enhancements

The controls below (if any) add on to the requirements of IA-7.

Control	Description
No controls

Related CCIs

The CCIs below are tied to IA-7.

CCI	Definition
CCI-000803	Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.