NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-12(1)Supervisor Authorization

Require that the registration process to receive an account for logical access includes supervisor or sponsor authorization.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Including supervisor or sponsor authorization as part of the registration process provides an additional level of scrutiny to ensure that the user’s management chain is aware of the account, the account is essential to carry out organizational missions and functions, and the user’s privileges are appropriate for the anticipated responsibilities and authorities within the organization.

Practitioner Notes

This enhancement requires supervisor authorization as part of the identity proofing process — a supervisor must confirm the person's identity and authorize their access.

Example 1: Include a supervisor signature line on your System Access Request Form confirming they have verified the individual's identity and authorize account creation.

Example 2: In your ServiceNow onboarding workflow, require the hiring manager to approve the identity proofing results before the account provisioning step can proceed.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts