NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-8(1)Acceptance of PIV Credentials from Other Agencies

Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Acceptance of Personal Identity Verification (PIV) credentials from other federal agencies applies to both logical and physical access control systems. PIV credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidelines. The adequacy and reliability of PIV card issuers are addressed and authorized using [SP 800-79-2](#10963761-58fc-4b20-b3d6-b44a54daba03).

Practitioner Notes

This enhancement requires your systems to accept PIV credentials from other federal agencies — enabling cross-agency authentication with government smart cards.

Example 1: Configure your Active Directory to trust the Federal PKI certificate chain so that employees from other agencies can log in with their PIV/CAC cards.

Example 2: Enable cross-certificate trust in your PKI infrastructure to accept certificates issued by other federal agencies' certificate authorities.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts