Secure Req 9: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
m (7 revisions imported: Initial Upload of old pages from IDESG Wiki)
 
(No difference)

Latest revision as of 04:03, 28 June 2018

<< Back to Baseline Functional Requirements Index

SECURE-9. AUTHENTICATION RISK ASSESSMENT

Entities MUST have a risk assessment process in place for the selection of authentication mechanisms and supporting processes.

SUPPLEMENTAL GUIDANCE

Entities relying on authentication mechanisms must have a process in place for assessing the risks associated with providing access to their systems, applications, and/or network(s) and must leverage this to inform decisions on the selection of authentication mechanisms and supporting identity services.

Additional controls (e.g., geolocation or device identification) may be used. The party granting access may also request additional verified attributes to support authorization decisions where required by risk or business needs

REFERENCES

NIST SP 800-63-2

APPLIES TO ACTIVITIES

AUTHORIZATION

KEYWORDS

ASSESSMENT, AUTHENTICATION, RISK, SECURITY



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |