IA-03 Device Identification And Authentication

Identification and Authentication

Low Moderate High

Description

The information system identifies and authenticates specific devices before establishing a connection.

Supplemental Guidance

The information system typically uses either shared known information (e.g., Media Access Control (MAC) or Transmission Control Protocol/Internet Protocol (TCP/IP) addresses) or an organizational authentication solution (e.g., IEEE 802.1X and Extensible Authentication Protocol (EAP), or a RADIUS server with EAP-Transport Layer Security (TLS) authentication) to identify and authenticate devices on local and/or wide area networks. The required strength of the device authentication mechanism is determined by the FIPS 199 security categorization of the information system, with higher impact levels requiring stronger authentication.

Enhancements

(0) None.

Compliance Mappings

COBIT 2019

DSS05

CIS Controls v8

CIS 13.9

NIST CSF 2.0

PR.AA-03

SOC 2 TSC

CC6.1, CC6.1-POF3, CC6.1-POF8

CSA CCM v4

DCS-08

CSA AICM v1

DCS-08, IAM-18

IEC 62443

3-3 SR 1.2

MAS TRM

9

BSI IT-Grundschutz

ORP.4

ANSSI

Hygiene.26, Hygiene.5, SecNumCloud.10.5

FINMA Circular 2023/1

IV.B.d(59), IV.C(62)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(b)

EU DORA

Art.9(4)(c)

RBI CSF

Annex1.4, ITGRCA.19

HKMA TM-E-1

TME1.10.2, TME1.8.3

MLPS 2.0

8.4

EU CRA

CRA.I.2d

SWIFT CSCF

SWIFT.2.1

SAMA CSF

3.1

NCA ECC

5-1

UAE IA

T9

CBB TM

TM-6

Qatar NIA

AC

CBUAE

CR-4

CBE CSF

CTO-1

SA JS2

JS2-7.1

CBN CSF

Part3.2

BoG CISD

CISD-IX

BoM CTRM

3.3

IOSCO Cyber Resilience

PROT-1

CPMI-IOSCO PFMI

PFMI.P22

FFIEC IS

II.C.15

HIPAA Security Rule

§164.312(d)

EBA ICT Guidelines

3.4.2

BOT Cyber Resilience

Ch2.2

CMMC 2.0

IA

10 CFR 73.54

RG5.71-A-AC

IEEE 1686-2022

5.5

FERC CIP Orders

Order 2222

DOE C2M2 v2.1

ACCESS

API 1164

Sec 6

IAEA NSS 17-T

Sec 5.2

Common Criteria

CC Part 2 — FIA

FDA 21 CFR Part 11

§11.10(h)

FDA Cybersecurity Guidance

SA-1

Basel SCO60

SCO60.61

BSSC Standards

KMS-04

SEC Custody (Digital Assets)

SEC-CD-02

ISO 17799 (legacy)

11.4.2, 11.4.3, 11.7.1

COBIT 4.1 (legacy)

None.