Embedded Files
This page is classified as INTERNAL.
NIST SP 800-53 (r4) Control:
The organization employs only information technology products on the FIPS 201-approved products list for Personal Identity Verification (PIV) capability implemented within organizational information systems.
NIST 800-53 (r4) Supplemental Guidance:
Related controls: IA-2; IA-8.
NIST 800-53 (r5) Discussion:
Products on the FIPS 201-approved products list meet NIST requirements for Personal Identity Verification (PIV) of Federal Employees and Contractors. PIV cards are used for multi-factor authentication in systems and organizations.
38North Guidance:
Meets Minimum Requirement:
The PIV capability implemented for the information system must be FIPS-201-approved.
Best Practice:
Ensure that the PIV capability employed is on the FIPS-201-approved products list (https://www.idmanagement.gov/approved-products-list/).
Unofficial FedRAMP Guidance:
None.
Assessment Evidence:
Screenshots of the FIPS-201 approved PIV capability that is employed in the for the system environment.
CSP Implementation Tips:
None.
Page updated
Report abuse