IA-8 Identification and Authentication (Non-Organizational Users)

Description

Non-organizational users include information system users other than organizational users explicitly covered by IA-2. These individuals are uniquely identified and authenticated for accesses other than those accesses explicitly identified and documented in AC-14.

In accordance with the E-Authentication E-Government initiative, authentication of non-organizational users accessing federal information systems may be required to protect federal, proprietary, or privacy-related information (with exceptions noted for national security systems).

Organizations use risk assessments to determine authentication needs and consider scalability, practicality, and security in balancing the need to ensure ease of use for access to federal information and information systems with the need to protect and adequately mitigate risk.

IA-2 addresses identification and authentication requirements for access to information systems by organizational users.

Applicability

This Control applies to all TAMU-CC information resources.

The intended audience for this Control includes all owners and custodians of information resources.

Implementation

The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users). Non-organizational users must be formally authorized to access a given information resource by the account sponsor.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019

Chief Information Security and Privacy Officer

Submit a Ticket

News

See All News

Events

See All Events