IA — Identification and Authentication
31 controls in the Identification and Authentication family
IA-01Policy and Procedures
IA-02Identification and Authentication (organizational Users)
IA-02(01)Identification and Authentication (organizational Users) | Multi-factor Authentication to Privileged Accounts
IA-02(02)Identification and Authentication (organizational Users) | Multi-factor Authentication to Non-privileged Accounts
IA-02(03)IA-02(03)
IA-02(04)IA-02(04)
IA-02(05)Identification and Authentication (organizational Users) | Individual Authentication with Group Authentication
IA-02(08)Identification and Authentication (organizational Users) | Access to Accounts — Replay Resistant
IA-02(09)IA-02(09)
IA-02(11)IA-02(11)
IA-02(12)IA-02(12)
IA-03Device Identification and Authentication
IA-04Identifier Management
IA-04(04)Identifier Management | Identify User Status
IA-05Authenticator Management
IA-05(01)Authenticator Management | Password-based Authentication
IA-05(02)Authenticator Management | Public Key-based Authentication
IA-05(03)IA-05(03)
IA-05(04)IA-05(04)
IA-05(06)Authenticator Management | Protection of Authenticators
IA-05(07)Authenticator Management | No Embedded Unencrypted Static Authenticators
IA-05(08)IA-05(08)
IA-05(11)IA-05(11)
IA-05(13)IA-05(13)
IA-06Authentication Feedback
IA-07Cryptographic Module Authentication
IA-08Identification and Authentication (non-organizational Users)
IA-08(01)IA-08(01)
IA-08(02)Identification and Authentication (non-organizational Users) | Acceptance of External Authenticators
IA-08(03)IA-08(03)
IA-08(04)Identification and Authentication (non-organizational Users) | Use of Defined Profiles