Device Class 1: Cryptographic Module Authentication

Control ID: IA-7 Cryptographic Module Authentication	Family: Identification and Authentication	Source: NIST 800-53r4
Control: The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable state and federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
Supplemental Guidance: Authentication mechanisms may be required within a cryptographic module to authenticate an operator accessing the module and to verify that the operator is authorized to assume the requested role and perform services within that role. Related Controls: SC-12, SC-13
Control Enhancements: N/A
References: FIPS Publication 140; Web: http://csrc.nist.gov/groups/STM/cmvp/index.html.
Mechanisms: The device shall distinguish between different keys stored by the cryptographic module and shall ensure that different processes on the device have only the appropriate access to only the appropriate keys. See SC-39 for more discussion. A cryptographic module in the device shall require that operators accessing the module in a privileged role authenticate to the cryptographic module using an approved mechanism. Approved mechanisms are any approved for use with FIPS 140-2 level 2.
Protocol Implementation Conformance Statements: N/A