UIDAI Aadhaar Audit

An Authentication User Agency (AUA) is an entity that provides Aadhaar Enabled Services to Aadhaar number holders, using authentication as facilitated by the Authentication Service Agency (ASA). An AUA may be a government, public, or private legal agency registered in India that uses the Aadhaar authentication services of UIDAI and sends authentication requests to enable its services or business functions.

As per the latest UIDAI Information Security Policy for AUAs and KUAs, the following Information Security Domains and Related Controls need to be implemented and audited:

  • Human Resources
  • Asset Management
  • Access Control
  • Password Policy
  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications Security
  • Information Security Incident Management
  • Compliance
  • Change Management