Control: The organization manages user identifiers by: (i) uniquely identifying each user; (ii) verifying the identity of each user; (iii) receiving authorization to issue a user identifier from an appropriate organization official; (iv) issuing the user identifier to the intended party; (v) disabling the user identifier after [Assignment: organization-defined time period] of inactivity; and (vi) archiving user identifiers.

Supplemental Guidance: Identifier management is not applicable to shared information system accounts (e.g., guest and anonymous accounts). FIPS 201 and Special Publications 800-73, 800- 76, and 800-78 specify a personal identity verification (PIV) credential for use in the unique identification and authentication of federal employees and contractors.

Control Enhancements: (0) None.

Baseline: LOW IA-4 MOD IA-4 HIGH IA-4

Family: Identification And Authentication

Class: Technical

ISO 17799 mapping: 11.2.3, 11.5.2

COBIT 4.1 mapping: DS5.3, DS5.4