Handle device identification and authentication based on attestation by [Assignment: organization-defined configuration management process].
|
|
| Control Identifier | IA-3(4) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Device attestation refers to the identification and authentication of a device based on its configuration and known operating state. Device attestation can be determined via a cryptographic hash of the device. If device attestation is the means of identification and authentication, then it is important that patches and updates to the device are handled via a configuration management process such that the patches and updates are done securely and do not disrupt identification and authentication to other devices. |
| Related Controls | CM-2, CM-3, CM-6. |