| Compliance |
The following 10 compliance controls are associated with this Policy definition 'Assign system identifiers' (f29b17a4-0df2-8a50-058a-8570f9979d28)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IA-4 |
FedRAMP_High_R4_IA-4 |
FedRAMP High IA-4 |
Identification And Authentication |
Identifier Management |
Shared |
n/a |
The organization manages information system identifiers by:
a. Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, or device identifier;
b. Selecting an identifier that identifies an individual, group, role, or device;
c. Assigning the identifier to the intended individual, group, role, or device;
d. Preventing reuse of identifiers for [Assignment: organization-defined time period]; and
e. Disabling the identifier after [Assignment: organization-defined time period of inactivity].
Supplemental Guidance: Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices. Related controls: AC-2, IA-2, IA-3, IA-5, IA-8, SC-37.
References: FIPS Publication 201; NIST Special Publications 800-73, 800-76, 800-78. |
link |
7 |
| FedRAMP_Moderate_R4 |
IA-4 |
FedRAMP_Moderate_R4_IA-4 |
FedRAMP Moderate IA-4 |
Identification And Authentication |
Identifier Management |
Shared |
n/a |
The organization manages information system identifiers by:
a. Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, or device identifier;
b. Selecting an identifier that identifies an individual, group, role, or device;
c. Assigning the identifier to the intended individual, group, role, or device;
d. Preventing reuse of identifiers for [Assignment: organization-defined time period]; and
e. Disabling the identifier after [Assignment: organization-defined time period of inactivity].
Supplemental Guidance: Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices. Related controls: AC-2, IA-2, IA-3, IA-5, IA-8, SC-37.
References: FIPS Publication 201; NIST Special Publications 800-73, 800-76, 800-78. |
link |
7 |
| hipaa |
11109.01q1Organizational.57-01.q |
hipaa-11109.01q1Organizational.57-01.q |
11109.01q1Organizational.57-01.q |
11 Access Control |
11109.01q1Organizational.57-01.q 01.05 Operating System Access Control |
Shared |
n/a |
The organization ensures that redundant user IDs are not issued to other users and that all users are uniquely identified and authenticated for both local and remote access to information systems. |
|
7 |
| hipaa |
1167.01e2System.1-01.e |
hipaa-1167.01e2System.1-01.e |
1167.01e2System.1-01.e |
11 Access Control |
1167.01e2System.1-01.e 01.02 Authorized Access to Information Systems |
Shared |
n/a |
The organization maintains a documented list of authorized users of information assets. |
|
2 |
| ISO27001-2013 |
A.9.2.1 |
ISO27001-2013_A.9.2.1 |
ISO 27001:2013 A.9.2.1 |
Access Control |
User registration and de-registration |
Shared |
n/a |
A formal user registration and de-registration process shall be implemented to enable assignment of access rights. |
link |
27 |
| NIST_SP_800-171_R2_3 |
.5.1 |
NIST_SP_800-171_R2_3.5.1 |
NIST SP 800-171 R2 3.5.1 |
Identification and Authentication |
Identify system users, processes acting on behalf of users, and devices. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Common device identifiers include Media Access Control (MAC), Internet Protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared system accounts. Typically, individual identifiers are the user names associated with the system accounts assigned to those individuals. Organizations may require unique identification of individuals in group accounts or for detailed accountability of individual activity. In addition, this requirement addresses individual identifiers that are not necessarily associated with system accounts. Organizational devices requiring identification may be defined by type, by device, or by a combination of type/device. [SP 800-63-3] provides guidance on digital identities. |
link |
9 |
| NIST_SP_800-53_R4 |
IA-4 |
NIST_SP_800-53_R4_IA-4 |
NIST SP 800-53 Rev. 4 IA-4 |
Identification And Authentication |
Identifier Management |
Shared |
n/a |
The organization manages information system identifiers by:
a. Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, or device identifier;
b. Selecting an identifier that identifies an individual, group, role, or device;
c. Assigning the identifier to the intended individual, group, role, or device;
d. Preventing reuse of identifiers for [Assignment: organization-defined time period]; and
e. Disabling the identifier after [Assignment: organization-defined time period of inactivity].
Supplemental Guidance: Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices. Related controls: AC-2, IA-2, IA-3, IA-5, IA-8, SC-37.
References: FIPS Publication 201; NIST Special Publications 800-73, 800-76, 800-78. |
link |
7 |
| NIST_SP_800-53_R5 |
IA-4 |
NIST_SP_800-53_R5_IA-4 |
NIST SP 800-53 Rev. 5 IA-4 |
Identification and Authentication |
Identifier Management |
Shared |
n/a |
Manage system identifiers by:
a. Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, service, or device identifier;
b. Selecting an identifier that identifies an individual, group, role, service, or device;
c. Assigning the identifier to the intended individual, group, role, service, or device; and
d. Preventing reuse of identifiers for [Assignment: organization-defined time period]. |
link |
7 |
| PCI_DSS_v4.0 |
8.2.1 |
PCI_DSS_v4.0_8.2.1 |
PCI DSS v4.0 8.2.1 |
Requirement 08: Identify Users and Authenticate Access to System Components |
User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle |
Shared |
n/a |
All users are assigned a unique ID before access to system components or cardholder data is allowed. |
link |
3 |
| PCI_DSS_v4.0 |
8.2.4 |
PCI_DSS_v4.0_8.2.4 |
PCI DSS v4.0 8.2.4 |
Requirement 08: Identify Users and Authenticate Access to System Components |
User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle |
Shared |
n/a |
Addition, deletion, and modification of user IDs, authentication factors, and other identifier objects are managed as follows:
• Authorized with the appropriate approval.
• Implemented with only the privileges specified on the documented approval. |
link |
7 |
|