IA-8
-
Requirement
Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.
-
Discussion
Non-organizational users include system users other than organizational users explicitly covered by IA-2. Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in AC-14. Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors including security, privacy, scalability, and practicality when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!