IA-12(3) Identity Evidence Validation and Verification

Description

Validation and verification of identity evidence increases the assurance that accounts and identifiers are being established for the correct user and authenticators are being bound to that user. Validation refers to the process of confirming that the evidence is genuine and authentic, and the data contained in the evidence is correct, current, and related to an individual. Verification confirms and establishes a linkage between the claimed identity and the actual existence of the user presenting the evidence. Acceptable methods for validating and verifying identity evidence are consistent with the risks to the systems, roles, and privileges associated with the users account.

Applicability

The information resource owner, or designee, is responsible for ensuring that all requirements of this Control are satisfied.

Implementation

Members shall require in-person or remote visual confirmation of the requestor's identity against identity evidence specified in IA-12(2) prior to any changes of Identity Assurance Level (IAL) 2 user accounts, to include at a minimum, A&M System employees receiving payroll payments.  Visual confirmation may be accomplished through in-person verification or a live video conference session with the registration authority. This control standard does not apply to automated systems such as self-service password reset or MFA device management.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019

Chief Information Security and Privacy Officer

Submit a Ticket

News

See All News

Events

See All Events