Establish, implement, and maintain a digital identity management program.


CONTROL ID: 13713
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Technical security, CC ID: 00508

This Control has the following implementation support Control(s):
  • Establish the requirements for Identity Assurance Levels., CC ID: 13857
  • Establish, implement, and maintain an authorized representatives policy., CC ID: 13798
  • Establish, implement, and maintain digital identification procedures., CC ID: 13714
  • Establish, implement, and maintain federated identity systems., CC ID: 13837


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • For the table of random numbers and other media used for personal identification, proper procedures similar to those for cash cards should be established for management of issuing, storage, distribution, recovery, and disposal. The management procedures should be properly reviewed and optimized for … (P8.5., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • At the time of opening an account of Internet banking or other transactions that take place without face-to-face interaction, personal identification should be implemented following the steps listed below to prevent unauthorized transactions. (P117.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Regulated entities would typically put in place processes to ensure that identities and credentials are issued, managed, verified, revoked and audited for authorised devices, users and software/processes. (Attachment C 4., APRA Prudential Practice Guide CPG 234 Information Security, June 2019)
  • Manage, store, and review the information of system identities, and level of access. (IAM-03, Cloud Controls Matrix, v4.0)
  • The full life cycle of identities should be managed. (§ 5.16 Control, ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security controls, Third Edition)
  • Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users, and processes. (PR.AC-1, CRI Profile, v1.2)
  • USE OF IDENTIFIERS.—The standards adopted under paragraph (1) shall specify the purposes for which a unique health identifier may be used. (§ 1173(b)(2), Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, FedRAMP Security Controls Low Baseline, Version 5)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, FedRAMP Security Controls Moderate Baseline, Version 5)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. (IA-8(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Identities and credentials for authorized users, services, and hardware are managed by the organization (PR.AA-01, The NIST Cybersecurity Framework, v2.0)
  • SUPPORT DEVELOPMENT OF A DIGITAL IDENTITY ECOSYSTEM (STRATEGIC OBJECTIVE 4.5, National Cybersecurity Strategy)
  • SUPPORT DEVELOPMENT OF A DIGITAL IDENTITY ECOSYSTEM (STRATEGIC OBJECTIVE 4.5, National Cybersecurity Strategy (Condensed))