>myctrl.tools
Preferences
Under active development Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC
Home / Frameworks / FedRAMP Rev 5 / IA — Identification and Authentication

IA Identification and Authentication

30 controls in the Identification and Authentication family

IA-1Policy and Procedures
LI-SaaS
LOW
MODERATE
HIGH
IA-2Identification and Authentication (organizational Users)
LI-SaaS
LOW
MODERATE
HIGH
IA-2 (01)Identification and Authentication (organizational Users) | Multi-factor Authentication to Privileged Accounts
LOW
MODERATE
HIGH
IA-2 (02)Identification and Authentication (organizational Users) | Multi-factor Authentication to Non-privileged Accounts
LOW
MODERATE
HIGH
IA-2 (05)Identification and Authentication (organizational Users) | Individual Authentication with Group Authentication
MODERATE
HIGH
IA-2 (06)Identification and Authentication (organizational Users) | Access to Accounts --separate Device
MODERATE
HIGH
IA-2 (08)Identification and Authentication (organizational Users) | Access to Accounts -- Replay Resistant
LOW
MODERATE
HIGH
IA-2 (12)Identification and Authentication (organizational Users) | Acceptance of PIV Credentials
LI-SaaS
LOW
MODERATE
HIGH
IA-3Device Identification and Authentication
MODERATE
HIGH
IA-4Identifier Management
LI-SaaS
LOW
MODERATE
HIGH
IA-4 (04)Identifier Management | Identify User Status
MODERATE
HIGH
IA-5Authenticator Management
LI-SaaS
LOW
MODERATE
HIGH
IA-5 (01)Authenticator Management | Password-based Authentication
LOW
MODERATE
HIGH
IA-5 (02)Authenticator Management | Public Key-based Authentication
MODERATE
HIGH
IA-5 (06)Authenticator Management | Protection of Authenticators
MODERATE
HIGH
IA-5 (07)Authenticator Management | No Embedded Unencrypted Static Authenticators
MODERATE
HIGH
IA-5 (08)Authenticator Management | Multiple System Accounts
HIGH
IA-5 (13)Authenticator Management | Expiration of Cached Authenticators
HIGH
IA-6Authentication Feedback
LI-SaaS
LOW
MODERATE
HIGH
IA-7Cryptographic Module Authentication
LI-SaaS
LOW
MODERATE
HIGH
IA-8Identification and Authentication (non-organizational Users)
LI-SaaS
LOW
MODERATE
HIGH
IA-8 (01)Identification and Authentication (non-organizational Users) | Acceptance of PIV Credentials from Other Agencies
LOW
MODERATE
HIGH
IA-8 (02)Identification and Authentication (non-organizational Users) | Acceptance of External Authenticators
LOW
MODERATE
HIGH
IA-8 (04)Identification and Authentication (non-organizational Users) | Use of Defined Profiles
LOW
MODERATE
HIGH
IA-11Re-authentication
LI-SaaS
LOW
MODERATE
HIGH
IA-12Identity Proofing
MODERATE
HIGH
IA-12 (02)Identity Proofing | Identity Evidence
MODERATE
HIGH
IA-12 (03)Identity Proofing | Identity Evidence Validation and Verification
MODERATE
HIGH
IA-12 (04)Identity Proofing | In-person Validation and Verification
HIGH
IA-12 (05)Identity Proofing | Address Confirmation
MODERATE
HIGH
← Back to all controls