Secure Req 9
<< Back to Baseline Functional Requirements Index
SECURE-9. AUTHENTICATION RISK ASSESSMENT
Entities MUST have a risk assessment process in place for the selection of authentication mechanisms and supporting processes.
Entities relying on authentication mechanisms must have a process in place for assessing the risks associated with providing access to their systems, applications, and/or network(s) and must leverage this to inform decisions on the selection of authentication mechanisms and supporting identity services.
Additional controls (e.g., geolocation or device identification) may be used. The party granting access may also request additional verified attributes to support authorization decisions where required by risk or business needs
NIST SP 800-63-2