1.9 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
ia-8.2 - [catalog] Acceptance of External Authenticators
Control Statement
-
[a] Accept only external authenticators that are NIST-compliant; and
-
[b] Document and maintain a list of accepted external authenticators.
Control guidance
Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with SP 800-63B . Approved external authenticators meet or exceed the minimum Federal Government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding Federal requirements allows Federal Government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.
Control assessment-objective
only external authenticators that are NIST-compliant are accepted; a list of accepted external authenticators is documented; a list of accepted external authenticators is maintained.
What is the solution and how is it implemented?
Implementation (a)
Add control implementation description here for item ia-8.2_smt.a
Implementation (b)
Add control implementation description here for item ia-8.2_smt.b