NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-3(2)Cryptographic Bidirectional Network Authentication

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into IA-3(1). It previously addressed cryptographic bidirectional authentication specifically for network communications.

Example 1: Implement IPsec with mutual certificate authentication between site-to-site VPN endpoints so both sides cryptographically verify each other before establishing the tunnel.

Example 2: Configure TLS mutual authentication on your API gateways so that client services must present valid certificates to access backend APIs.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts