Overview:
The information system, for PKI-based authentication:
(a) Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information;
(b) Enforces authorized access to the corresponding private key;
(c) Maps the authenticated identity to the account of the individual or group; and
(d) Implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.
Supplemental Guidance:
Status information for certification paths includes, for example, certificate revocation lists or certificate status protocol responses. For PIV cards, validation of certifications involves the construction and verification of a certification path to the Common Policy Root trust anchor including certificate policy processing.
Related control: IA-6.
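The path validation in (a) and the local revocation cache in (d), demonstrated as an added example that is not part of this article: a throwaway PKI built with the openssl command-line tool, where a CRL file stored beside the trust anchor plays the part of the cached revocation data. All names and paths are constructed for the demonstration, and the script assumes an openssl binary is installed.

```shell
#!/bin/sh
# Added example, not from the compliance wiki article: a throwaway PKI built with the openssl
# CLI, with a CRL saved to a local file standing in for the revocation cache of IA-5(2)(d).
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl CLI not found, skipping" >&2; exit 0; }
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT   # all names and paths below are constructed
ossl() { openssl "$@" >/dev/null 2>&1; }          # quiet wrapper; only the exit status matters
setup_pki() {
  cat > "$WORK/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = local
[local]
database = $WORK/index.txt
serial = $WORK/serial
new_certs_dir = $WORK/newcerts
certificate = $WORK/ca.pem
private_key = $WORK/ca.key
default_md = sha256
policy = any
[any]
commonName = supplied
EOF
  touch "$WORK/index.txt"; echo 01 > "$WORK/serial"; mkdir -p "$WORK/newcerts"
  # Self-signed root: the "accepted trust anchor" of IA-5(2)(a).
  ossl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Constructed Root CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem"
  for u in alice mallory; do   # two constructed end-entity certificates issued by the root
    ossl req -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$u" \
        -keyout "$WORK/$u.key" -out "$WORK/$u.csr"
    ossl ca -batch -notext -days 1 -config "$WORK/ca.cnf" -in "$WORK/$u.csr" -out "$WORK/$u.pem"
  done
  ossl ca -config "$WORK/ca.cnf" -revoke "$WORK/mallory.pem"                  # revoke one
  ossl ca -config "$WORK/ca.cnf" -gencrl -crldays 1 -out "$WORK/cached.crl"   # fill the cache
}
# Path validation to the trust anchor with mandatory status checking (-crl_check); prints "valid"
# or "invalid". With no CRL at hand validation fails instead of skipping status: the outage (d) covers.
validate() {  # $1 = certificate; $2 = cached CRL file, omitted when none is available
  ossl verify -CAfile "$WORK/ca.pem" ${2:+-CRLfile} ${2:-} -crl_check "$1" && echo valid || echo invalid
}
setup_pki
validate "$WORK/alice.pem" "$WORK/cached.crl"    # valid
validate "$WORK/mallory.pem" "$WORK/cached.crl"  # invalid: revoked
validate "$WORK/alice.pem"                       # invalid: no status information
```

Run it as a whole; the last three lines show a good certificate passing, a revoked one being rejected, and validation refusing to complete when no revocation data is available at all.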
Action Items:
1) Ensure PKI-based authentication follows organizational best practices
Related Documents:
1) Identity and Access Management Policy
2) Key Management Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 704
Created: September 30, 2022
Last Updated: September 30, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/pki-based-authentication-ia-5-2-704.html