E.3.1 Authentication

Control Details

Objective

Enable authorization, traceability, and non-repudiation

Definition

Authenticate employees and contractors to enable access control, traceability, non-repudiation, chain of custody, and provenance for systems, software, and services.

Assessment Questions

  1. How are employees and contractors authenticated to enable access control, traceability, non-repudiation, chain of custody, and provenance for systems, software, and services?
  2. Where do you store access credentials (e.g., password hashes) and secrets, and is that location secured (e.g., encrypted), such as a secure vault?

Reference sources

  1. 800-161: IA-5, IA-9