>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IA.L1-3.5.2Authentication

Level 1
FAR 52.204-21 b.
800-171: 3.5.2

>Control Description

Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

>Cross-Framework Mappings

NIST SP 800-171

3.5.2
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your authentication policy and what authentication methods are approved?
  • How do you determine appropriate authentication strength for different access scenarios?
  • Who is responsible for managing authentication systems and mechanisms?
  • What is your process for handling authentication failures or issues?

Technical Implementation:

  • What authentication systems verify user identities (AD, SSO, local accounts)?
  • What authentication methods are technically implemented?
  • How do you integrate authentication across systems?
  • What protocols handle authentication (Kerberos, SAML, LDAP)?
  • What logging captures authentication attempts and failures?

Evidence & Documentation:

  • What authentication policy documentation can you provide?
  • What password policy settings and configurations can you show?
  • What MFA enrollment and usage reports demonstrate compliance?
  • What account management documentation shows account lifecycle?
  • What authentication logs demonstrate enforcement?
  • What screenshots show authentication configurations?

Ask AI

Configure your API key to use AI features.