Joint Task Force Transformation Initiative



Date: 09.05.2018


TABLE D-9: IDENTIFICATION AND AUTHENTICATION SECURITY CONTROLS - SUMMARY

| Control No. | Control Name / Control Enhancement Name | Withdrawn | Assurance | Baseline: Low | Baseline: Mod | Baseline: High |
|---|---|---|---|---|---|---|
| IA-1 | Identification and Authentication Policy and Procedures | | x | x | x | x |
| IA-2 | Identification and Authentication (Organizational Users) | | | x | x | x |
| IA-2(1) | identification and authentication (organizational users) \| network access to privileged accounts | | | x | x | x |
| IA-2(2) | identification and authentication (organizational users) \| network access to non-privileged accounts | | | | x | x |
| IA-2(3) | identification and authentication (organizational users) \| local access to privileged accounts | | | | x | x |
| IA-2(4) | identification and authentication (organizational users) \| local access to non-privileged accounts | | | | | x |
| IA-2(5) | identification and authentication (organizational users) \| group authentication | | | | | |
| IA-2(6) | identification and authentication (organizational users) \| network access to privileged accounts - separate device | | | | | |
| IA-2(7) | identification and authentication (organizational users) \| network access to non-privileged accounts - separate device | | | | | |
| IA-2(8) | identification and authentication (organizational users) \| network access to privileged accounts - replay resistant | | | | x | x |
| IA-2(9) | identification and authentication (organizational users) \| network access to non-privileged accounts - replay resistant | | | | | x |
| IA-2(10) | identification and authentication (organizational users) \| single sign-on | | | | | |
| IA-2(11) | identification and authentication (organizational users) \| remote access - separate device | | | | x | x |
| IA-2(12) | identification and authentication (organizational users) \| acceptance of PIV credentials | | | x | x | x |
| IA-2(13) | identification and authentication \| out-of-band authentication | | | | | |
| IA-3 | Device Identification and Authentication | | | | x | x |
| IA-3(1) | device identification and authentication \| cryptographic bidirectional authentication | | | | | |
| IA-3(2) | device identification and authentication \| cryptographic bidirectional network authentication | x | Incorporated into IA-3(1). | | | |
| IA-3(3) | device identification and authentication \| dynamic address allocation | | | | | |
| IA-3(4) | device identification and authentication \| device attestation | | | | | |
| IA-4 | Identifier Management | | | x | x | x |
| IA-4(1) | identifier management \| prohibit account identifiers as public identifiers | | | | | |
| IA-4(2) | identifier management \| supervisor authorization | | | | | |
| IA-4(3) | identifier management \| multiple forms of certification | | | | | |
| IA-4(4) | identifier management \| identify user status | | | | | |
| IA-4(5) | identifier management \| dynamic management | | | | | |
| IA-4(6) | identifier management \| cross-organization management | | | | | |
| IA-4(7) | identifier management \| in-person registration | | | | | |
| IA-5 | Authenticator Management | | | x | x | x |
| IA-5(1) | authenticator management \| password-based authentication | | | x | x | x |
| IA-5(2) | authenticator management \| PKI-based authentication | | | | x | x |
| IA-5(3) | authenticator management \| in-person or trusted third-party registration | | | | x | x |
| IA-5(4) | authenticator management \| automated support for password strength determination | | | | | |
| IA-5(5) | authenticator management \| change authenticators prior to delivery | | | | | |
| IA-5(6) | authenticator management \| protection of authenticators | | | | | |
| IA-5(7) | authenticator management \| no embedded unencrypted static authenticators | | | | | |
| IA-5(8) | authenticator management \| multiple information system accounts | | | | | |
| IA-5(9) | authenticator management \| cross-organization credential management | | | | | |
| IA-5(10) | authenticator management \| dynamic credential association | | | | | |
| IA-5(11) | authenticator management \| hardware token-based authentication | | | x | x | x |
| IA-5(12) | authenticator management \| biometric-based authentication | | | | | |
| IA-5(13) | authenticator management \| expiration of cached authenticators | | | | | |
| IA-5(14) | authenticator management \| managing content of PKI trust stores | | | | | |
| IA-5(15) | authenticator management \| FICAM-approved products and services | | | | | |
| IA-6 | Authenticator Feedback | | | x | x | x |
| IA-7 | Cryptographic Module Authentication | | | x | x | x |
| IA-8 | Identification and Authentication (Non-Organizational Users) | | | x | x | x |
| IA-8(1) | identification and authentication (non-organizational users) \| acceptance of PIV credentials from other agencies | | | x | x | x |
| IA-8(2) | identification and authentication (non-organizational users) \| acceptance of third-party credentials | | | x | x | x |
| IA-8(3) | identification and authentication (non-organizational users) \| use of FICAM-approved products | | | x | x | x |
| IA-8(4) | identification and authentication (non-organizational users) \| use of FICAM-issued profiles | | | x | x | x |
| IA-8(5) | identification and authentication (non-organizational users) \| acceptance of PIV-I credentials | | | | | |
| IA-9 | Service Identification and Authentication | | | | | |
| IA-9(1) | service identification and authentication \| information exchange | | | | | |
| IA-9(2) | service identification and authentication \| transmission of decisions | | | | | |
| IA-10 | Adaptive Identification and Authentication | | | | | |
| IA-11 | Re-authentication | | | | | |




