IA-10-727 Adaptive Identification and Authentication

Adaptive Identification and Authentication

Control ID

IA-10-727

Control Name

Adaptive Identification and Authentication

Control Category

Identification and Authentication

Functional Areas

Sub-Areas

NIST Baseline Level(s)

NOT SELECTED

NIST Priority

State Implementation Required

Agency Last Implemented Date

February 13, 2018

Agency Implementation

Agency-owned information resources that are accessible from external sources shall employ adaptive authentication whenever possible. At a minimum, all information resources shall employ two-factor authentication from untrusted sources. Additional adaptive controls such as location, client, or user-based risk determination shall be included when supported by the information resource.

Risk Statement

Adversaries may compromise individual authentication mechanisms and subsequently attempt to impersonate legitimate users.

Control Description

The organization requires that individuals accessing the information system employ [Assignment: organization-defined supplemental authentication techniques or mechanisms] under specific [Assignment: organization-defined circumstances or situations].

Control Example

State Implementation

No statewide control

Testing Procedures