UCF STIG Viewer Logo

IA-10 ADAPTIVE IDENTIFICATION AND AUTHENTICATION


Overview

Number Title Impact Priority Subject Area
IA-10 Adaptive Identification And Authentication P0 Identification And Authentication

Instructions
The organization requires that individuals accessing the information system employ Assignment: organization-defined supplemental authentication techniques or mechanisms under specific Assignment: organization-defined circumstances or situations.
Guidance
Adversaries may compromise individual authentication mechanisms and subsequently attempt to impersonate legitimate users. This situation can potentially occur with any authentication mechanisms employed by organizations. To address this threat, organizations may employ specific techniques/mechanisms and establish protocols to assess suspicious behavior (e.g., individuals accessing information that they do not typically access as part of their normal duties, roles, or responsibilities, accessing greater quantities of information than the individuals would routinely access, or attempting to access information from suspicious network addresses). In these situations when certain preestablished conditions or triggers occur, organizations can require selected individuals to provide additional authentication information. Another potential use for adaptive identification and authentication is to increase the strength of mechanism based on the number and/or types of records being accessed.

Enhancements