IA-2

Identification and Authentication (Organizational Users)

Identification and Authentication

The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

High Priority | AI-Relevant Control

Purpose

Ensure that users are properly identified and authenticated before accessing system resources.

AI Relevance

Critical for authenticating users accessing AI systems, APIs, and sensitive AI resources to prevent unauthorized access.

Implementation Guidance

Implement strong authentication mechanisms, multi-factor authentication, and secure identity management systems.

Assessment

Test authentication mechanisms, verify identity proofing, review authentication logs, and validate authentication controls.

Requirements

  1. Uniquely identify organizational users
  2. Authenticate organizational users
  3. Uniquely identify processes acting on behalf of organizational users
  4. Authenticate processes acting on behalf of organizational users
  5. Use multifactor authentication for local access to privileged accounts
  6. Use multifactor authentication for network access to privileged accounts
  7. Use multifactor authentication for remote access to privileged accounts
  8. Use multifactor authentication for local access to non-privileged accounts
  9. Use multifactor authentication for network access to non-privileged accounts
  10. Use multifactor authentication for remote access to non-privileged accounts

Framework Context

NIST 800-53 Rev 5

Security and Privacy Controls for Federal Information Systems

NIST AI RMF

AI Risk Management Framework

OWASP AISVS

AI Security Verification Standard