Control Framework
IDN: Identity
The Identity domain ensures that agents and the services they access can authenticate each other cryptographically. Its four controls address agent identity, server authentication, and credential management.
IDN-01 Agent Identity
Requirement: Each agent instance shall possess a unique, cryptographically verifiable identity distinct from user identities.
Rationale: Enables attribution of actions to specific agents and prevents identity confusion.
Evidence: Identity provisioning records and cryptographic key management documentation.
Profile: Standard
IDN-02 Server Authentication
Requirement: Agents shall authenticate the identity of tool servers before transmitting requests or credentials.
Rationale: Prevents man-in-the-middle attacks and ensures agents communicate with legitimate services.
Evidence: TLS configuration and certificate validation settings.
Profile: Standard
IDN-03 Credential Management
Requirement: Credentials used by agents shall be stored in dedicated secret management systems with access logging.
Rationale: Protects credentials from unauthorized access and enables audit of credential usage.
Evidence: Secret management system configuration and access logs.
Profile: Elevated
IDN-04 Credential Rotation
Requirement: Agent credentials shall be rotated at intervals not exceeding 90 days or immediately upon suspected compromise.
Rationale: Limits the window of exposure from credential compromise.
Evidence: Rotation records and automated rotation configuration.
Profile: Critical