https://wiki.idesg.org/index.php?action=history&feed=atom&title=Secure_Req_9Secure Req 9 - Revision history2026-05-01T09:53:26ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Secure_Req_9&diff=6670&oldid=prevOmaerz: 7 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T04:03:37Z<p>7 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== SECURE-9. AUTHENTICATION RISK ASSESSMENT ==<br />
Entities MUST have a risk assessment process in place for the selection of authentication mechanisms and supporting processes.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
Entities relying on authentication mechanisms must have a process in place for assessing the risks<br />
associated with providing access to their systems, applications, and/or network(s) and must leverage<br />
this to inform decisions on the selection of authentication mechanisms and supporting identity<br />
services.<br />
<br />
Additional controls (e.g., geolocation or device identification) may be used. The party granting access<br />
may also request additional verified attributes to support authorization decisions where required by<br />
risk or business needs<br />
<br />
=== REFERENCES ===<br />
NIST SP 800-63-2 <br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model AUTHORIZATION|AUTHORIZATION]]<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords ASSESSMENT|ASSESSMENT]], [[IDEF Keywords AUTHENTICATION|AUTHENTICATION]], [[IDEF Keywords RISK|RISK]], [[IDEF Keywords SECURITY|SECURITY]]<br />
<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>Omaerz