← Back to catalog
IA-8

Identification and Authentication (Non-organizational Users)

Identification and Authentication (IA)
Baselines
Low · IncludedModerate · IncludedHigh · Included
Description

Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

Discussion

Non-organizational users include system users other than organizational users explicitly covered by [IA-2](#ia-2) . Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in [AC-14](#ac-14) . Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors—including security, privacy, scalability, and practicality—when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.

Implementation guidance

No content available.

CSF 2.0 crosswalk
PR.AA-01Identities and credentials for authorized users, services, and hardware are managed by the organizationProtect
PR.AA-03Users, services, and hardware are authenticatedProtect