IA 9 SERVICE IDENTIFICATION AND AUTHENTICATION - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

IA-9 SERVICE IDENTIFICATION AND AUTHENTICATION

Control: Uniquely identify and authenticate [ Assignment: organization-defined system services and applications ] before establishing communications with devices, users, or other services or applications.

Discussion: Services that may require identification and authentication include web applications using digital certificates or services or applications that query a database. Identification and authentication methods for system services and applications include information or code signing, provenance graphs, and electronic signatures that indicate the sources of services. Decisions regarding the validity of identification and authentication claims can be made by services separate from the services acting on those decisions. This can occur in distributed system architectures. In such situations, the identification and authentication decisions (instead of actual identifiers and authentication data) are provided to the services that need to act on those decisions.

Related Controls: IA-3, IA-4, IA-5, SC-8.

Control Enhancements:

  • (1) SERVICE IDENTIFICATION AND AUTHENTICATION | INFORMATION EXCHANGE
    [Withdrawn: Incorporated into IA-9.]

  • (2) SERVICE IDENTIFICATION AND AUTHENTICATION | TRANSMISSION OF DECISIONS
    [Withdrawn: Incorporated into IA-9.]

References: None.
