IA-8(2)

  • Requirement

    1. Accept only external authenticators that are NIST-compliant; and
    2. Document and maintain a list of accepted external authenticators.
  • Discussion

    Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with SP 800-63B. Approved external authenticators meet or exceed the minimum Federal Government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding Federal requirements allows Federal Government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.

More Info

  • Title

    Identification and Authentication (non-organizational Users) | Acceptance of External Authenticators
  • Family

    Identification and Authentication
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!