IA-3

Identification and AuthenticationRev 5system

Device Identification and Authentication

Baselines:ModerateHigh

Control Statement

Uniquely identify and authenticate [Assignment: devices and/or types of devices] before establishing a [Selection: organization-defined value] connection.

Supplemental Guidance

Devices that require unique device-to-device identification and authentication are defined by type, device, or a combination of type and device. Organization-defined device types include devices that are not owned by the organization. Systems use shared known information (e.g., Media Access Control [MAC], Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., Institute of Electrical and Electronics Engineers (IEEE) 802.1x and Extensible Authentication Protocol [EAP], RADIUS server with EAP-Transport Layer Security [TLS] authentication, Kerberos) to identify and authenticate devices on local and wide area networks. Organizations determine the required strength of authentication mechanisms based on the security categories of systems and mission or business requirements. Because of the challenges of implementing device authentication on a large scale, organizations can restrict the application of the control to a limited number/type of devices based on mission or business needs.

Related Controls (12)

AC-17 AC-18 AC-19 AU-6 CA-3 CA-9 IA-4 IA-5 IA-9 IA-11 IA-13 SI-4

CCI Identifiers (3)

CCI-001958Authenticate organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection.CCI-000777Defines devices and/or types of devices for which identification and authentication is required before establishing a connection.CCI-000778Uniquely identify organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection.

Linked STIG Checks (180)

Across 83 STIGs. Click to expand.