
NIST 800-53 Security Controls

1,246 controls · cross-mapped to ATT&CK techniques
Translate between regulatory language and what attackers actually do. Each control maps to MITRE ATT&CK techniques; open a control to see those techniques and whether we hold detection coverage for them.
Total controls: 1246 · Detection coverage: 0% · Covered controls: 0 · Coverage gaps: 1246

Red team insight: a NIST 800-53-compliant organization should have detection for the green-tagged techniques below. Controls showing no technique coverage are likely blind spots. Use the gaps view to enumerate unmonitored attack paths.

Controls

80 shown of 1,246
Use a sample of backup information in the restoration of selected system functions as part of contingency plan testing.
family CP framework nist-800-53
Store backup copies of {{ insert: param, cp-09.03_odp }} in a separate facility or in a fire-rated container that is not collocated with the operational system.
family CP framework nist-800-53
Transfer system backup information to the alternate storage site {{ insert: param, cp-9.5_prm_1 }}.
family CP framework nist-800-53
Conduct system backup by maintaining a redundant secondary system that is not collocated with the primary system and that can be activated without loss of information or disruption to operations.
family CP framework nist-800-53
Enforce dual authorization for the deletion or destruction of {{ insert: param, cp-09.07_odp }}.
family CP framework nist-800-53
Implement cryptographic mechanisms to prevent unauthorized disclosure and modification of {{ insert: param, cp-09.08_odp }}.
family CP framework nist-800-53
Develop, document, and disseminate to {{ insert: param, ia-1_prm_1 }}: {{ insert: param, ia-01_odp.03 }} identification and authentication policy that: addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and procedures to facilitate the implementation of the identification and authentication policy and the associated identification and authentication controls. Designate an {{ insert: param, ia-01_odp.04 }} to manage the development, documentation, and dissemination of the identification and authentication policy and procedures; and review and update the current identification and authentication: policy {{ insert: param, ia-01_odp.05 }} and following {{ insert: param, ia-01_odp.06 }}; and procedures {{ insert: param, ia-01_odp.07 }} and following {{ insert: param, ia-01_odp.08 }}.
family IA framework nist-800-53
Require individuals accessing the system to employ {{ insert: param, ia-10_odp.01 }} under specific {{ insert: param, ia-10_odp.02 }}.
family IA framework nist-800-53
Require users to re-authenticate when {{ insert: param, ia-11_odp }}.
family IA framework nist-800-53
Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines; Resolve user identities to a unique individual; and Collect, validate, and verify identity evidence.
family IA framework nist-800-53
Require that the registration process to receive an account for logical access includes supervisor or sponsor authorization.
family IA framework nist-800-53
Require evidence of individual identification be presented to the registration authority.
family IA framework nist-800-53
Require that the presented identity evidence be validated and verified through {{ insert: param, ia-12.03_odp }}.
family IA framework nist-800-53
Require that the validation and verification of identity evidence be conducted in person before a designated registration authority.
family IA framework nist-800-53
Require that a {{ insert: param, ia-12.05_odp }} be delivered through an out-of-band channel to verify the user's address (physical or digital) of record.
family IA framework nist-800-53
Accept externally-proofed identities at {{ insert: param, ia-12.06_odp }}.
family IA framework nist-800-53
Employ identity providers and authorization servers to manage user, device, and non-person entity (NPE) identities, attributes, and access rights supporting authentication and authorization decisions in accordance with {{ insert: param, ia-13_odp.01 }} using {{ insert: param, ia-13_odp.02 }}.
family IA framework nist-800-53
Cryptographic keys that protect access tokens are generated, managed, and protected from disclosure and misuse.
family IA framework nist-800-53
The source and integrity of identity assertions and access tokens are verified before granting access to system and information resources.
family IA framework nist-800-53
In accordance with {{ insert: param, ia-13_odp.01 }}, assertions and access tokens are: generated; issued; refreshed; revoked; time-restricted; and audience-restricted.
family IA framework nist-800-53
Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.
family IA framework nist-800-53
Implement multi-factor authentication for access to privileged accounts.
family IA framework nist-800-53
Provide a single sign-on capability for {{ insert: param, ia-02.10_odp }}.
family IA framework nist-800-53
Accept and electronically verify Personal Identity Verification-compliant credentials.
family IA framework nist-800-53
Implement the following out-of-band authentication mechanisms under {{ insert: param, ia-02.13_odp.02 }}: {{ insert: param, ia-02.13_odp.01 }}.
family IA framework nist-800-53
Implement multi-factor authentication for access to non-privileged accounts.
family IA framework nist-800-53
When shared accounts or authenticators are employed, require users to be individually authenticated before granting access to the shared accounts or resources.
family IA framework nist-800-53
Implement multi-factor authentication for {{ insert: param, ia-02.06_odp.01 }} access to {{ insert: param, ia-02.06_odp.02 }} such that: One of the factors is provided by a device separate from the system gaining access; and The device meets {{ insert: param, ia-02.06_odp.03 }}.
family IA framework nist-800-53
Implement replay-resistant authentication mechanisms for access to {{ insert: param, ia-02.08_odp }}.
family IA framework nist-800-53
Uniquely identify and authenticate {{ insert: param, ia-03_odp.01 }} before establishing a {{ insert: param, ia-03_odp.02 }} connection.
family IA framework nist-800-53
Authenticate {{ insert: param, ia-03.01_odp.01 }} before establishing {{ insert: param, ia-03.01_odp.02 }} connection using bidirectional authentication that is cryptographically based.
family IA framework nist-800-53
Where addresses are allocated dynamically, standardize dynamic address allocation lease information and the lease duration assigned to devices in accordance with {{ insert: param, ia-3.3_prm_1 }}; and audit lease information when assigned to a device.
family IA framework nist-800-53
Handle device identification and authentication based on attestation by {{ insert: param, ia-03.04_odp }}.
family IA framework nist-800-53
Manage system identifiers by: Receiving authorization from {{ insert: param, ia-04_odp.01 }} to assign an individual, group, role, service, or device identifier; Selecting an identifier that identifies an individual, group, role, service, or device; Assigning the identifier to the intended individual, group, role, service, or device; and Preventing reuse of identifiers for {{ insert: param, ia-04_odp.02 }}.
family IA framework nist-800-53
Prohibit the use of system account identifiers that are the same as public identifiers for individual accounts.
family IA framework nist-800-53
Manage individual identifiers by uniquely identifying each individual as {{ insert: param, ia-04.04_odp }}.
family IA framework nist-800-53
Manage individual identifiers dynamically in accordance with {{ insert: param, ia-04.05_odp }}.
family IA framework nist-800-53
Coordinate with the following external organizations for cross-organization management of identifiers: {{ insert: param, ia-04.06_odp }}.
family IA framework nist-800-53
Generate pairwise pseudonymous identifiers.
family IA framework nist-800-53
Maintain the attributes for each uniquely identified individual, device, or service in {{ insert: param, ia-04.09_odp }}.
family IA framework nist-800-53
Manage system authenticators by: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator; Establishing initial authenticator content for any authenticators issued by the organization; Ensuring that authenticators have sufficient strength of mechanism for their intended use; Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators; Changing default authenticators prior to first use; Changing or refreshing authenticators {{ insert: param, ia-05_odp.01 }} or when {{ insert: param, ia-05_odp.02 }} occur; Protecting authenticator content from unauthorized disclosure and modification; Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and Changing authenticators for group or role accounts when membership to those accounts changes.
family IA framework nist-800-53
For password-based authentication: Maintain a list of commonly-used, expected, or compromised passwords and update the list {{ insert: param, ia-05.01_odp.01 }} and when organizational passwords are suspected to have been compromised directly or indirectly; Verify, when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5(1)(a); Transmit passwords only over cryptographically-protected channels; Store passwords using an approved salted key derivation function, preferably using a keyed hash; Require immediate selection of a new password upon account recovery; Allow user selection of long passwords and passphrases, including spaces and all printable characters; Employ automated tools to assist the user in selecting strong password authenticators; and Enforce the following composition and complexity rules: {{ insert: param, ia-05.01_odp.02 }}.
family IA framework nist-800-53
Bind identities and authenticators dynamically using the following rules: {{ insert: param, ia-05.10_odp }}.
family IA framework nist-800-53
For biometric-based authentication, employ mechanisms that satisfy the following biometric quality requirements {{ insert: param, ia-05.12_odp }}.
family IA framework nist-800-53
Prohibit the use of cached authenticators after {{ insert: param, ia-05.13_odp }}.
family IA framework nist-800-53
For PKI-based authentication, employ an organization-wide methodology for managing the content of PKI trust stores installed across all platforms, including networks, operating systems, browsers, and applications.
family IA framework nist-800-53
Use only General Services Administration-approved products and services for identity, credential, and access management.
family IA framework nist-800-53
Require that the issuance of {{ insert: param, ia-05.16_odp.01 }} be conducted {{ insert: param, ia-05.16_odp.02 }} before {{ insert: param, ia-05.16_odp.03 }} with authorization by {{ insert: param, ia-05.16_odp.04 }}.
family IA framework nist-800-53
Employ presentation attack detection mechanisms for biometric-based authentication.
family IA framework nist-800-53
Employ {{ insert: param, ia-05.18_odp.01 }} to generate and manage passwords; and Protect the passwords using {{ insert: param, ia-05.18_odp.02 }}.
family IA framework nist-800-53
For public key-based authentication: Enforce authorized access to the corresponding private key; and Map the authenticated identity to the account of the individual or group; and When public key infrastructure (PKI) is used: Validate certificates by constructing and verifying a certification path to an accepted trust anchor, including checking certificate status information; and Implement a local cache of revocation data to support path discovery and validation.
family IA framework nist-800-53
Require developers and installers of system components to provide unique authenticators or change default authenticators prior to delivery and installation.
family IA framework nist-800-53
Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access.
family IA framework nist-800-53
Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.
family IA framework nist-800-53
Implement {{ insert: param, ia-05.08_odp }} to manage the risk of compromise due to individuals having accounts on multiple systems.
family IA framework nist-800-53
Use the following external organizations to federate credentials: {{ insert: param, ia-05.09_odp }}.
family IA framework nist-800-53
Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.
family IA framework nist-800-53
Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.
family IA framework nist-800-53
Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.
family IA framework nist-800-53
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin