800-53|IA-9

Title

SERVICE IDENTIFICATION AND AUTHENTICATION

Description

The organization identifies and authenticates [Assignment: organization-defined information system services] using [Assignment: organization-defined security safeguards].

Supplemental

This control supports service-oriented architectures and other distributed architectural approaches requiring the identification and authentication of information system services. In such architectures, external services often appear dynamically. Therefore, information systems should be able to determine in a dynamic manner, if external providers and associated services are authentic. Safeguards implemented by organizational information systems to validate provider and service authenticity include, for example, information or code signing, provenance graphs, and/or electronic signatures indicating or including the sources of services.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.6 - Set check Roles and Policies to all Web applications and EJBs	Windows	TNS Oracle WebLogic Server 10 Windows Best Practices
2.6 - Set check Roles and Policies to all Web applications and EJBs	Unix	TNS Oracle WebLogic Server 10 Linux Best Practices
2.7 - Set check Roles and Policies to all Web applications and EJBs	Unix	TNS Oracle WebLogic Server 11 Linux Best Practices
2.7 - Set check Roles and Policies to all Web applications and EJBs	Windows	TNS Oracle WebLogic Server 11 Windows Best Practices

Detections

Analytics