IA-9

Service Identification and Authentication

Identification and Authentication (IA)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description

Uniquely identify and authenticate [assignment] before establishing communications with devices, users, or other services or applications.

Discussion

Services that may require identification and authentication include web applications using digital certificates or services or applications that query a database. Identification and authentication methods for system services and applications include information or code signing, provenance graphs, and electronic signatures that indicate the sources of services. Decisions regarding the validity of identification and authentication claims can be made by services separate from the services acting on those decisions. This can occur in distributed system architectures. In such situations, the identification and authentication decisions (instead of actual identifiers and authentication data) are provided to the services that need to act on those decisions.

CSF 2.0 crosswalk
PR.AA-01 · Identities and credentials for authorized users, services, and hardware are managed by the organization · Protect
PR.AA-03 · Users, services, and hardware are authenticated · Protect