|IA-4||Identifier Management||LOW||P1||Identification And Authentication|
The organization manages information system identifiers by:IA-4a.
Receiving authorization from Assignment: organization-defined personnel or roles to assign an individual, group, role, or device identifier;IA-4b.
Selecting an identifier that identifies an individual, group, role, or device;IA-4c.
Assigning the identifier to the intended individual, group, role, or device;IA-4d.
Preventing reuse of identifiers for Assignment: organization-defined time period; andIA-4e.
Disabling the identifier after Assignment: organization-defined time period of inactivity.
|Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices.|
The organization prohibits the use of information system account identifiers that are the same as public identifiers for individual electronic mail accounts.
The organization requires that the registration process to receive an individual identifier includes supervisor authorization.
The organization requires multiple forms of certification of individual identification such as documentary evidence or a combination of documents and biometrics be presented to the registration authority.
The organization manages individual identifiers by uniquely identifying each individual as Assignment: organization-defined characteristic identifying individual status.
The information system dynamically manages identifiers.
The organization coordinates with Assignment: organization-defined external organizations for cross-organization management of identifiers.
The organization requires that the registration process to receive an individual identifier be conducted in person before a designated registration authority.