
IA-3 Device Identification And Authentication

PBMM (P1)
Secret (P1)
Technical

>Control Description

(A) The information system uniquely identifies and authenticates organization-defined specific and/or types of devices before establishing a [Selection (one or more): local; remote; network] connection.

>Supplemental Guidance

Organizational devices requiring unique device-to-device identification and authentication may be defined by type, by device, or by a combination of type/device. Information systems typically use either shared known information (e.g., Media Access Control [MAC] or Transmission Control Protocol/Internet Protocol [TCP/IP] addresses) for device identification or organizational authentication solutions (e.g., IEEE 802.1X and EAP, RADIUS server with EAP-TLS authentication, Kerberos) to identify/authenticate devices on local and/or wide area networks. Organizations determine the required strength of authentication mechanisms by the security categories of information systems.

Because of the challenges of applying this control on a large scale, organizations are encouraged to apply the control only to the limited number (and type) of devices that truly need to support this capability. Related controls: AC-17, AC-18, AC-19, CA-3, IA-4, IA-5.

>Tailoring Guidance

This security control/enhancement can be met using readily available Commercial-Off-The-Shelf (COTS) components. Consequently, inclusion in a departmental profile is strongly encouraged in most cases.
