IA-3(4)

  • Requirement

    Handle device identification and authentication based on attestation by [Assignment: organization-defined configuration management process].

  • Discussion

    Device attestation refers to the identification and authentication of a device based on its configuration and known operating state. Device attestation can be determined via a cryptographic hash of the device. If device attestation is the means of identification and authentication, then it is important that patches and updates to the device are handled via a configuration management process such that the patches and updates are done securely and do not disrupt identification and authentication to other devices.

More Info

  • Title

    Device Identification and Authentication | Device Attestation
  • Family

    Identification and Authentication
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      CM-2;CM-3;CM-6

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!