IA-10-727 Adaptive Identification and Authentication
Adaptive Identification and Authentication
IA-10-727
Adaptive Identification and Authentication
Identification and Authentication
NOT SELECTED
P0
No
February 13, 2018
Agency-owned information resources that are accessible from external sources shall employ adaptive authentication whenever possible. At a minimum, all information resources shall employ two-factor authentication from untrusted sources. Additional adaptive controls such as location, client, or user-based risk determination shall be included when supported by the information resource.
Adversaries may compromise individual authentication mechanisms and subsequently attempt to impersonate legitimate users.
The organization requires that individuals accessing the information system employ [Assignment: organization-defined supplemental authentication techniques or mechanisms] under specific [Assignment: organization-defined circumstances or situations].