PE-5(2)—Link To Individual Identity
>Control Description
Link individual identity to receipt of output from output devices.
>Supplemental Guidance
Methods for linking individual identity to the receipt of output from output devices include installing security functionality on facsimile machines, copiers, and printers. Such functionality allows organizations to implement authentication on output devices prior to the release of output to individuals.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern the implementation of link to individual identity for the organization's facilities?
- •Who is responsible for overseeing and maintaining link to individual identity controls?
- •How frequently are link to individual identity controls reviewed and updated?
- •What process exists for granting exceptions to link to individual identity requirements?
- •How does the organization ensure accountability for link to individual identity across all facility locations?
Technical Implementation:
- •What technologies or systems technically implement link to individual identity?
- •How are these systems configured to meet the control requirements?
- •What monitoring or alerting capabilities exist for link to individual identity?
- •How do link to individual identity systems integrate with other physical security infrastructure?
- •What redundancy or backup mechanisms support link to individual identity?
Evidence & Documentation:
- •Provide documented policies and procedures for link to individual identity.
- •Provide evidence of link to individual identity implementation and configuration.
- •Provide logs, records, or reports demonstrating link to individual identity activities over the past 90 days.
- •Provide testing, maintenance, or inspection records for link to individual identity from the past year.
- •Provide evidence of link to individual identity reviews, audits, or assessments.
Ask AI
Configure your API key to use AI features.