IA-08-727 Identification and Authentication (Non-Organizational Users)

Identification and Authentication (Non-Organizational Users)

IA-08-727
Identification and Authentication (Non-Organizational Users)
Identification and Authentication
Protect
Identification and Authentication
LOW, MOD, HIGH
P1
Yes
August 17, 2016

Each user of an Agency-owned information resource shall be assigned a unique access identifier (user name) and authenticator (password or hardware token). The authenticator shall be appropriate to the level of assurance required for access to the necessary information resources. NIST SP 800-63-2, Electronic Authentication Guideline, shall be used as the foundation for determining appropriate assurance levels when selecting authenticators. A unique identifier such as a work email address or phone number may be used for a Level 1 assurance authenticator (such as guest wireless). A government-issued photo identification shall be required for a Level 2 assurance authenticator (such as contractor/vendor network access).

Unauthenticated and/or unauthorized users access networks by exploiting vulnerabilities in external connections.
The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).
Non-organizational users (guests) are subject to authorization to information systems prior to access.
The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).
Obtain identification and authentication policy; procedures addressing user identification and authentication; information system design documentation; information system configuration settings and associated documentation; information system audit records; list of information system accounts; other relevant documents or records and ascertain if: (I)the information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users.