800-53|IA-1

Title

IDENTIFICATION AND AUTHENTICATION POLICY AND PROCEDURES

Description

The organization:

Supplemental

This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the IA family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: PM-9

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
Cross-Account Access	amazon_aws	Tenable AWS Best Practice Audit
IAM Roles for Amazon EC2	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountPasswordPolicy - 'Password expiration is enabled'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountSummary - 'Groups'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountSummary - 'GroupsQuota <= 100'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountSummary - 'Roles'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountSummary - 'RolesQuota'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountSummary - 'Users'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetAccountSummary - 'UsersQuota'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetGroup - 'Admin group membership should be reviewed'	amazon_aws	Tenable AWS Best Practice Audit
IAM: GetGroup - 'Group membership should be reviewed'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListAccessKeys - 'Active Access Keys should be rotated'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListAccessKeys - 'List of Active Access Keys'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListAccessKeys - 'List of Inactive Access Keys'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListGroupPolicies - 'Review policies assigned to groups'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListGroups - 'Review current group list'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListMFADevices - 'Review the MFA device assigments'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListRoles - 'Review roles'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListUsers - 'Review current user list'	amazon_aws	Tenable AWS Best Practice Audit
IAM: ListUsers - 'Review user paths'	amazon_aws	Tenable AWS Best Practice Audit
Identity Federation	amazon_aws	Tenable AWS Best Practice Audit
Managing Metrics and Improvement	amazon_aws	Tenable AWS Best Practice Audit
Managing OS-level Access to Amazon EC2 Instances	amazon_aws	Tenable AWS Best Practice Audit
MFA for API calls	amazon_aws	Tenable AWS Best Practice Audit
Resource Access Authorization	amazon_aws	Tenable AWS Best Practice Audit

Detections

Analytics