IA-2 - Identification and Authentication (Organizational Users)

IA-2 requires the organization to uniquely identify each user and enforce authentication mechanisms before granting access to information systems. It mandates the use of passwords or other authenticators that meet defined complexity, length, and change requirements, and recommends multi-factor authentication for privileged or remote access.