This control addresses dynamic management of account identifiers. Identifiers identify an individual, group, role, or device. Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. User identifiers are the names of the information system accounts associated with specific individuals.
Dynamic establishment of new identifiers and their associated authorizations will occur while the system is operational. New identifiers or changes to existing identifiers must take effect without the need for a system or session restart. Pre-established trust relationships and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate each identifier are essential to prevent unauthorized access by changed or revoked accounts. Dynamic functionality also prevents disruption of operations by minimizing the need for system restarts.
Dynamic management of identifiers, attributes, and associated access authorizations is not a function of the IDPS, thus this requirement is not applicable. |