CMMCDocs.comHome / Glossary / Identification and Authentication (IA) Family
Identification and Authentication (IA) Family
Also known as: IA family
The IA family covers 11 NIST SP 800-171 requirements governing user identification, authentication, password policy, and multifactor authentication.
The Identification and Authentication (IA) family contains 11 NIST SP 800-171 Rev 2 security requirements. It works hand-in-hand with the AC (Access Control) family to ensure that only authorized users and devices can access in-scope systems.
Key IA requirements include identifying users and devices (IA.L2-3.5.1, IA.L2-3.5.2), multifactor authentication for local and network privileged access (IA.L2-3.5.3), replay-resistant authentication (IA.L2-3.5.4), password complexity (IA.L2-3.5.7), password reuse rules (IA.L2-3.5.8), and storing passwords cryptographically (IA.L2-3.5.10).
The IA family is typically owned by the identity team. A C3PAO will verify MFA enforcement live, sample password policy compliance, and review identifier lifecycle controls.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account