| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | IA-5(3) | FedRAMP_High_R4_IA-5(3) | FedRAMP High IA-5 (3) | Identification And Authentication | In-Person Or Trusted Third-Party Registration | Shared | n/a | The organization requires that the registration process to receive [Assignment: organization-defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted third party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles]. | link | 1 |
| FedRAMP_Moderate_R4 | IA-5(3) | FedRAMP_Moderate_R4_IA-5(3) | FedRAMP Moderate IA-5 (3) | Identification And Authentication | In-Person Or Trusted Third-Party Registration | Shared | n/a | The organization requires that the registration process to receive [Assignment: organization-defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted third party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles]. | link | 1 |
| hipaa | 0948.09y2Organizational.3-09.y | hipaa-0948.09y2Organizational.3-09.y | 0948.09y2Organizational.3-09.y | 09 Transmission Protection | 0948.09y2Organizational.3-09.y 09.09 Electronic Commerce Services | Shared | n/a | Where a trusted authority is used (e.g., for the purposes of issuing and maintaining digital signatures and/or digital certificates), security is integrated and embedded throughout the entire end-to-end certificate/signature management process. | | 6 |
| hipaa | 1112.01b2System.2-01.b | hipaa-1112.01b2System.2-01.b | 1112.01b2System.2-01.b | 11 Access Control | 1112.01b2System.2-01.b 01.02 Authorized Access to Information Systems | Shared | n/a | User identities are verified in person before a designated registration authority with authorization by a designated organizational official (e.g., a supervisor or other individual defined in an applicable security plan) prior to receiving a hardware token. | | 7 |
| hipaa | 1127.01q2System.3-01.q | hipaa-1127.01q2System.3-01.q | 1127.01q2System.3-01.q | 11 Access Control | 1127.01q2System.3-01.q 01.05 Operating System Access Control | Shared | n/a | Where tokens are provided for multi-factor authentication, in-person verification is required prior to granting access. | | 2 |
| NIST_SP_800-53_R4 | IA-5(3) | NIST_SP_800-53_R4_IA-5(3) | NIST SP 800-53 Rev. 4 IA-5 (3) | Identification And Authentication | In-Person Or Trusted Third-Party Registration | Shared | n/a | The organization requires that the registration process to receive [Assignment: organization-defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted third party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles]. | link | 1 |
| PCI_DSS_v4.0 | 8.3.11 | PCI_DSS_v4.0_8.3.11 | PCI DSS v4.0 8.3.11 | Requirement 08: Identify Users and Authenticate Access to System Components | Strong authentication for users and administrators is established and managed | Shared | n/a | Where authentication factors such as physical or logical security tokens, smart cards, or certificates are used: • Factors are assigned to an individual user and not shared among multiple users. • Physical and/or logical controls ensure only the intended user can use that factor to gain access. | link | 6 |
| SWIFT_CSCF_v2022 | 5.2 | SWIFT_CSCF_v2022_5.2 | SWIFT CSCF v2022 5.2 | 5. Manage Identities and Segregate Privileges | Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal tokens (when tokens are used). | Shared | n/a | Connected and disconnected hardware authentication or personal tokens are managed appropriately during their assignment, distribution, revocation, use, and storage. | link | 5 |