Policy 630: Identification & Authentication establishes roles and responsibilities for effective implementation of end-user and device identification (associating the entity requesting access with a role within the system) and authentication (verifying the identity of the user) to ensure access to state information systems and networks is authorized. Identification and authentication enable downstream capabilities including audit controls and system user accountability.
Standard 630S1: Authenticator Management addresses the management, implementation, safeguard, and use of passwords and token-based multi-factor authentication.
Guideline 630G1: Biometric Authentication offers implementation guidance for biometric authentication. Guidance is based on recommendations from NIST SP 800-76-2: Biometric Specifications for Personal Identity Verification. This is offered as a guideline because few (if any) biometric requirements have been incorporated into other mandatory security standards (e.g., IRS Publication 1075 or Criminal Justice Information Security Policy).
These documents replace the following ISD legacy documents:
- 621: Network and System Access
- 622: Remote Access
- 623: Authentication
These documents address NIST Special Publication 800-53 security controls IA-1 through IA-6 and IA-8. They also address all applicable IA controls in IRS Publication 1075.
View or Download: