NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-12(2)Identity Evidence

Require evidence of individual identification be presented to the registration authority.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Identity evidence, such as documentary evidence or a combination of documents and biometrics, reduces the likelihood of individuals using fraudulent identification to establish an identity or at least increases the work factor of potential adversaries. The forms of acceptable evidence are consistent with the risks to the systems, roles, and privileges associated with the user’s account.

Practitioner Notes

This enhancement specifies requirements for the identity evidence used during proofing — what documents or credentials are acceptable for proving someone's identity.

Example 1: Define in your identity proofing policy that acceptable evidence includes a valid U.S. passport, state driver's license, or military ID (CAC) — following NIST SP 800-63A evidence strength guidelines.

Example 2: For remote proofing, require applicants to submit high-resolution photos of two forms of ID and a live selfie for automated comparison by an identity verification service.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts