IA-12 Identity Proofing
Identification and Authentication
Low Moderate High New in Rev 5
Description
a. Identity proof users that require accounts for logical access to systems based on appropriate identity assurance level requirements as specified in applicable standards and guidelines;
b. Resolve user identities to a unique individual; and
c. Collect, validate, and verify identity evidence.
Supplemental Guidance
Identity proofing is the process of collecting, validating, and verifying a claimed identity to establish that the identity belongs to a specific individual. Identity proofing is necessary to appropriately provision user accounts and to mitigate the risk of fraudulent identities accessing organizational systems.
Changes from Rev 4
New control in Rev 5.
MITRE ATT&CK Techniques (4)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Initial Access (4), Persistence (4), Privilege Escalation (4), Defense Evasion (4)
Compliance Mappings
ISO 27001:2022
A.5.16
ISO 27002:2022
5.16
COBIT 2019
DSS05
NIST CSF 2.0
PR.AA-01, PR.AA-02
MAS TRM
9
BSI IT-Grundschutz
ORP.4
EU DORA
Art.9(4)(d)
BIO2
5.16
RBI CSF
Annex1.9
FISC Security Guidelines
FISC.T2
HKMA TM-E-1
TME1.8.3
DNB Good Practice
DNB.17.1
EU CRA
CRA.I.2d
SAMA CSF
3.1
NCA ECC
2-2
UAE IA
T9
CBB TM
TM-6
Qatar NIA
AC
CBUAE
CR-4
CBE CSF
CTO-1
SA JS2
JS2-7.1
CBN CSF
Part3.2
BoG CISD
CISD-IX
BoM CTRM
3.3
IOSCO Cyber Resilience
PROT-1
CPMI-IOSCO PFMI
CG.PR
FFIEC IS
II.C.15, II.C.7(b)
HIPAA Security Rule
§164.312(d)
ECB CROE
CROE.2.3.1
EBA ICT Guidelines
3.4.2
SEBI CSCRF
PR.AA
BOT Cyber Resilience
Ch2.2
CMMC 2.0
IA
DOE C2M2 v2.1
ACCESS
Common Criteria
CC Part 2 — FIA
Solvency II
EIOPA-ICT-4.4
Lloyd's Minimum Standards
BP2.1, MS8.3
FDA 21 CFR Part 11
§11.100(b), §11.200(a)(3)
FDA Cybersecurity Guidance
SA-1
ISO 27799
9.3
NHS DSPT
NDG-4.3
CCSS v9.0
1.03.5, 1.04.4