>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IA-4Identifier Management

PBMM (P1)
Secret (P1)
Technical

>Control Description

(A) The organization manages information system identifiers by receiving authorization from organization-defined personnel or roles to assign an individual, group, role, or device identifier. (B) The organization manages information system identifiers by selecting an identifier that identifies an individual, group, role, or device. (C) The organization manages information system identifiers by assigning the identifier to the intended individual, group, role, or device. (D) The organization manages information system identifiers by preventing reuse of identifiers for organization-defined time period. (E) The organization manages information system identifiers by disabling the identifier after organization-defined time period of inactivity.

>Supplemental Guidance

Common device identifiers include, for example, MAC, IP addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals.

In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices.

Related controls: AC-2, IA-2, IA-3, IA-5, IA-8, SC-37

Ask AI

Configure your API key to use AI features.