NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-9(1)Information Exchange

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into IA-9. It previously addressed ensuring that service identity information is exchanged between services.

Example 1: Include service identity claims in JWT tokens exchanged between your API services so each service can verify the calling service's identity and permissions.

Example 2: Use a service mesh like Istio that automatically handles service identity and mutual TLS between all microservices in your environment.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts