PR.AA-02
Identities are proofed and bound to credentials based on the context of interactions
Implementation examples
- Ex1: Verify a person's claimed identity at enrollment time using government-issued identity credentials (e.g., passport, visa, driver's license)
- Ex2: Issue a different credential for each person (i.e., no credential sharing)
Mapped NIST 800-53 r5 controls (1)
Mapped CWE weaknesses (2)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (29)
- CCMv4.0: IAM-01
- CCMv4.0: IAM-03
- CCMv4.0: IAM-13
- CCMv4.0: IAM-14
- CCMv4.0: IAM-16
- CCMv4.0: UEM-14
- CRI Profile v2.0: PR.AA-02
- CRI Profile v2.0: PR.AA-02.01
- CSF v1.1: PR.AC-6
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 8.2
- ISO/IEC 27001:2022: Annex A Controls: 8.3
- ISO/IEC 27001:2022: Annex A Controls: 8.5
- NICE Framework: DD-WRL-001
- NICE Framework: IO-WRL-003
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-013
- NICE Framework: OG-WRL-014
- NICE Framework: PD-WRL-004
- OWASP Top 10 LLM Applications: LLM06-2025
- PCI DSS: 12.7.1
- PCI DSS: 8.2.1
- PCI DSS: 8.3.5
- PCI DSS: 8.2.2
- SCF: IAC-28
- SDOS: SDOS-IA-01
- SDOS: SDOS-IA-02
- SP 800-53 Rev 5.1.1: IA-12
- SP 800-53 Rev 5.2.0: IA-12
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).