Identification & Authentication
Identification and Authentication is proving that a user or device is who it claims to be before it touches CUI. Multi-factor authentication and strong credential practices are the heart of this family.
The 11 Identification & Authentication requirements
25 assessment objectives across this family.
- 3.5.1IdentificationIdentify system users, processes acting on behalf of users, and devices.5 pt✕ POA&M
- 3.5.2AuthenticationAuthenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.5 pt✕ POA&M
- 3.5.3Multifactor AuthenticationUse multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.5 pt✕ POA&M
- 3.5.4Replay-resistant AuthenticationEmploy replay -resistant authentication mechanisms for network access to privileged and non-privileged accounts.1 pt
- 3.5.5Identifier ReusePrevent reuse of identifiers for a defined period.1 pt
- 3.5.6Identifier HandlingDisable identifiers after a defined period of inactivity.1 pt
- 3.5.7Password ComplexityEnforce a minimum password complexity and change of characters when new passwords are created.1 pt
- 3.5.8Password ReuseProhibit password reuse for a specified number of generations.1 pt
- 3.5.9Temporary PasswordsAllow temporary password use for system logons with an immediate change to a permanent password.1 pt
- 3.5.10Cryptographically-protected PasswordsStore and transmit only cryptographically-protected passwords.5 pt✕ POA&M
- 3.5.11Obscure FeedbackObscure feedback of authentication information.1 pt
Build Identification & Authentication, and all 14 families, with an officer
The Level 2 Accelerator walks all 110 requirements with you, generates your SSP, POA&M, and Audit Room from real evidence, includes the full Level 1 platform, and puts a credentialed officer alongside you for 180 days. Filed in 180 days, or we work free until you are.
No credit card. Phase 2 begins Nov 10, 2026, when applicable DoD solicitations start requiring a current Level 2 status to win the award.
Questions, answered
How many CMMC Level 2 requirements are in Identification & Authentication?+
The Identification & Authentication family (IA) has 11 of the 110 CMMC Level 2 requirements, assessed against 25 objectives from NIST SP 800-171A.
What is the Identification & Authentication family about?+
Identification and Authentication is proving that a user or device is who it claims to be before it touches CUI. Multi-factor authentication and strong credential practices are the heart of this family.