shawndwells
commented
6 years ago 'The customer will be responsible for identifying and authenticating non-organizational users accessing the customer application. A successful control response will need to address how non-organizational users are defined and the process by which identification and authentication takes place, including any differences from identification and authentication for organizational users.'
http://ssptool.securitycentral.io/certifications/FedRAMP-low/NIST-800-53/IA-8
"The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users)."