catalog: SP800-53rev3 / class: Technical / family: (IA) Identification and Authentication
  IA-01: Identification and Authentication Policy and Procedures  

base control objective:
The organization develops, disseminates, and reviews/updates [Assignment: organization-defined frequency]:
a. A formal, documented identification and authentication policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
b. Formal, documented procedures to facilitate the implementation of the identification and authentication policy and associated identification and authentication controls.

supplemental objective information:
This control is intended to produce the policy and procedures that are required for the effective implementation of the security controls and control enhancements in the identification and authentication family. The policy and procedures are consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. The identification and authentication policy can be included as part of the general information security policy for the organization. Identification and authentication procedures can be developed for the security program in general and for a particular information system, when required. The organizational risk management strategy is a key factor in the development of the identification and authentication policy.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

PM-09   Risk Management Strategy

documents referenced in SP800-53rev3 for IA-01:

| Document | Date | Status | Title |
|---|---|---|---|
| FIPS 190 | September, 1994 | current | Guideline for the Use of Advanced Authentication Technology Alternatives, September 1994 |
| FIPS 200 | March, 2006 | current | Minimum Security Requirements for Federal Information and Information Systems |
| FIPS 201-1 | March, 2006 | current | Personal Identity Verification (PIV) of Federal Employees and Contractors |
| NIST SP800-100 | October, 2006 | current | Information Security Handbook: A Guide for Managers |
| NIST SP800-12 | October, 1995 | current | An Introduction to Computer Security: The NIST Handbook |
| NIST SP800-14 | September, 1996 | current | Generally Accepted Principles and Practices for Securing Information Technology Systems |
| NIST SP800-25 | October, 2000 | current | Federal Agency Use of Public Key Technology for Digital Signatures and Authentication |
| NIST SP800-36 | October, 2003 | current | Guide to Selecting Information Technology Security Products |
| NIST SP800-44 | September 2002 | current | Guidelines on Securing Public Web Servers |
| NIST SP800-45 | August, 2006 | DRAFT | Guidelines on Electronic Mail Security |
| NIST SP800-63 | April, 2006 | current | Electronic Authentication Guideline |
| NIST SP800-73-part2 | February, 2010 | current | Interfaces for Personal Identity Verification |
| NIST SP800-76 | September, 2006 | DRAFT | Biometric Data Specification for Personal Identity Verification |
| NIST SP800-78 | December, 2010 | current | Cryptographic Algorithms and Key Sizes for Personal Identity Verification |
| NIST SP800-87 | January, 2006 | current | Codes for Identification of Federal and Federally-Assisted Organizations |
