IA-7

Requirement

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

Discussion

Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Identification and authentication policy; system security plan; procedures addressing cryptographic module authentication; system design documentation; system configuration settings and associated documentation; system audit records; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with responsibility for cryptographic module authentication; organizational personnel with information security responsibilities; system/network administrators; system developers].

Test

[SELECT FROM: Mechanisms supporting and/or implementing cryptographic module authentication].

ID	Assessment Objectives
IA-07	mechanisms for authentication to a cryptographic module are implemented that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!