Overview:
The organization requires that the registration process to receive [Assignment: organization- defined types of and/or specific authenticators] be conducted [Selection: in person; by a trusted third party] before [Assignment: organization-defined registration authority] with authorization by [Assignment: organization-defined personnel or roles].
Action Items:
1) Ensure privileged or critical authenticators are delivered in person or by a trusted 3rd party
Related Documents:
1) Identity and Access Management Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
IA-5 (3)-1 [All hardware/biometric (multifactor authenticators]
IA-5 (3)-2 [in person]
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 705
Created: September 30, 2022
Last Updated: September 30, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/in-person-and-trusted-third-party-registration-ia-5-3-705.html