Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
OSCAL
OSCAL Profiles
FedRAMP Rev 5 High Baseline
IA
IA: Identification and Authentication
An OSCAL Group
Details
Subcontrols
30
IA-1 - Policy and Procedures
IA-2 - Identification and Authentication (Organizational Users)
6 Subcontrols
IA-2.1 - Multi-factor Authentication to Privileged Accounts
IA-2.2 - Multi-factor Authentication to Non-privileged Accounts
IA-2.5 - Individual Authentication with Group Authentication
IA-2.6 - Access to Accounts —separate Device
IA-2.8 - Access to Accounts — Replay Resistant
IA-2.12 - Acceptance of PIV Credentials
IA-3 - Device Identification and Authentication
IA-4 - Identifier Management
1 Subcontrol
IA-4.4 - Identify User Status
IA-5 - Authenticator Management
6 Subcontrols
IA-5.1 - Password-based Authentication
IA-5.2 - Public Key-based Authentication
IA-5.6 - Protection of Authenticators
IA-5.7 - No Embedded Unencrypted Static Authenticators
IA-5.8 - Multiple System Accounts
IA-5.13 - Expiration of Cached Authenticators
IA-6 - Authentication Feedback
IA-7 - Cryptographic Module Authentication
IA-8 - Identification and Authentication (Non-organizational Users)
3 Subcontrols
IA-8.1 - Acceptance of PIV Credentials from Other Agencies
IA-8.2 - Acceptance of External Authenticators
IA-8.4 - Use of Defined Profiles
IA-11 - Re-authentication
IA-12 - Identity Proofing
4 Subcontrols
IA-12.2 - Identity Evidence
IA-12.3 - Identity Evidence Validation and Verification
IA-12.4 - In-person Validation and Verification
IA-12.5 - Address Confirmation