800-53|IA-4

Title

IDENTIFIER MANAGEMENT

Description

The organization manages information system identifiers by:

Supplemental

Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices.

Reference Item Details

Related: AC-2, IA-2, IA-3, IA-5, IA-8, SC-37

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items


| Name | Plugin | Audit Name |
|---|---|---|
| 1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 2.14 Ensure containers are restricted from acquiring new privileges | Unix | CIS Docker v1.7.0 L1 Docker - Linux |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 |
| 6.2.12 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Debian Family Server L1 v1.0.0 |
| 6.2.12 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Debian Family Workstation L1 v1.0.0 |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 |
| 7.1 Ensure authentication file permissions are set correctly | Windows | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 |
| 7.1 Ensure authentication file permissions are set correctly | Unix | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - 800-171 |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253 |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low |
| Big Sur - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Uniquely Identify Users and Processes | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate |
| Big Sur - Uniquely Identify Users and Processes | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Big Sur - Uniquely Identify Users and Processes | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low |
| Big Sur - Uniquely Identify Users and Processes | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - 800-171 |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253 |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low |
| Catalina - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate |
| Catalina - Uniquely Identify Users and Processes | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Uniquely Identify Users and Processes | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate |
| Catalina - Uniquely Identify Users and Processes | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High |
| Catalina - Uniquely Identify Users and Processes | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low |
| F5BI-DM-000227 - The BIG-IP appliance must be configured to dynamically manage user accounts. | F5 | DISA F5 BIG-IP Device Management STIG v2r3 |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - 800-171 |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 Low |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - CNSSI 1253 |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - All Profiles |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 High |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 High |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate |
| Monterey - Disable Accounts after 35 Days of Inactivity | Unix | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate |
| Monterey - Uniquely Identify Users and Processes | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate |
| Monterey - Uniquely Identify Users and Processes | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 High |
| Monterey - Uniquely Identify Users and Processes | Unix | NIST macOS Monterey v1.0.0 - 800-53r5 Low |
| Monterey - Uniquely Identify Users and Processes | Unix | NIST macOS Monterey v1.0.0 - All Profiles |