• Requirement

    Uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.

  • Discussion

    Non-organizational users include system users other than organizational users explicitly covered by IA-2. Non-organizational users are uniquely identified and authenticated for accesses other than those explicitly identified and documented in AC-14. Identification and authentication of non-organizational users accessing federal systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems). Organizations consider many factors including security, privacy, scalability, and practicality when balancing the need to ensure ease of use for access to federal information and systems with the need to protect and adequately mitigate risk.

More Info

  • Title

    Identification and Authentication (non-organizational Users)
  • Family

    Identification and Authentication
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!