IA-07 Cryptographic Module Authentication

Identification and Authentication

Low Moderate High

Description

The information system employs authentication methods that meet the requirements of applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

Supplemental Guidance

The applicable federal standard for authentication to a cryptographic module is FIPS 140-2 (as amended). Validation certificates issued by the NIST Cryptographic Module Validation Program (including FIPS 140-1, FIPS 140-2, and future amendments) remain in effect, and the modules remain available for continued use and purchase until a validation certificate is specifically revoked. Additional information on the use of validated cryptography is available at http://csrc.nist.gov/cryptval.

Enhancements

(0) None.

Compliance Mappings

ISO 27002:2022

5.17

COBIT 2019

DSS05

MAS TRM

9

BSI IT-Grundschutz

ORP.4

ANSSI

Hygiene.12, RGS.2.3, SecNumCloud.11.1

FINMA Circular 2023/1

IV.B.d(59), IV.C(63)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(a), Rec.83

EU DORA

Art.9(3)

BIO2

5.17

RBI CSF

ITGRCA.16

FISC Security Guidelines

FISC.T4

HKMA TM-E-1

TME1.8.3, TME1.9.1

DNB Good Practice

DNB.18.3

SAMA CSF

3.13.4

UAE IA

T9

CBB TM

TM-6

Qatar NIA

AC

CBE CSF

CTO-3

BoM CTRM

3.3

FFIEC IS

II.C.15, II.C.19

HIPAA Security Rule

§164.312(d)

BOT Cyber Resilience

Ch2.2

CMMC 2.0

IA

PCI PTS v6

C

FIPS 140-3

FIPS 140-3 §7.4

Common Criteria

CC Part 2 — FCS, CC Part 2 — FIA

Solvency II

EIOPA-ICT-4.7

HITRUST CSF v11

10.c

FDA 21 CFR Part 11

§11.200(a)(1)

FDA Cybersecurity Guidance

SA-1

OWASP MASVS v2.1

MASVS-AUTH-2

Basel SCO60

SCO60.61, SCO60.66

ISO 17799 (legacy)

None.

COBIT 4.1 (legacy)

None.