Authentication
Authentication is the process of verifying that a user, device, or system is who or what it claims to be. It answers the question 'Are you really who you say you are?' The most common form is a username and password, but stronger methods include multi-factor authentication (MFA), biometrics, and certificate-based authentication (like the DoD's Common Access Card, or CAC).
Authentication is distinct from authorization (which determines what you're allowed to do after your identity is verified). Strong authentication prevents unauthorized individuals from accessing your systems by ensuring only verified identities gain entry.
Why It Matters
CMMC requires strong authentication mechanisms, including multi-factor authentication for remote access and privileged accounts. Weak authentication — simple passwords, shared accounts, no MFA — is one of the most common and easily exploited security weaknesses.