Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.
DiscussionNon-organizational users include system users other than organizational users explicitly covered by IA-2. Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in AC-14. Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factorsâ€”including security, privacy, scalability, and practicalityâ€”when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.