NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-5(15)GSA-approved Products and Services

Use only General Services Administration-approved products and services for identity, credential, and access management.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

General Services Administration (GSA)-approved products and services are products and services that have been approved through the GSA conformance program, where applicable, and posted to the GSA Approved Products List. GSA provides guidance for teams to design and build functional and secure systems that comply with Federal Identity, Credential, and Access Management (FICAM) policies, technologies, and implementation patterns.

Practitioner Notes

This enhancement requires using GSA-approved products and services for identity verification — leveraging government-vetted solutions.

Example 1: Use a GSA-approved identity proofing service from the Trust Services List for verifying the identity of remote users before issuing credentials.

Example 2: Select identity and credentialing services from the GSA Approved Products List (APL) for PIV/CAC card issuance and management.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts