NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-7 Cryptographic Module Authentication

Implement mechanisms for authentication to a cryptographic module that meet the requirements of applicable laws, executive orders, directives, policies, regulations, standards, and guidelines for such authentication.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role.

Practitioner Notes

This control requires that cryptographic modules used for authentication meet FIPS 140 requirements — the encryption protecting your login process must meet federal standards.

Example 1: Ensure your VPN concentrators (Cisco, Palo Alto) use FIPS 140-2 or 140-3 validated cryptographic modules for authenticating VPN connections.

Example 2: Verify that Windows is configured to use FIPS-compliant algorithms for authentication by enabling the "System cryptography: Use FIPS compliant algorithms" Group Policy setting.