CMMC 2.0 • LEVEL 2 • IDENTIFICATION & AUTHENTICATION

IA.L2-3.5.5Identifier Management

Receive authorization from organizational personnel or roles to assign an individual, group, role, service, or device identifier. Select and assign an identifier that identifies an individual, group, role, service, or device. Prevent the reuse of identifiers for temporary passwords must meet complexity requirements, be unique per user, expire on first use, and never be transmitted in cleartextCMMC/STIG. Manage individual identifiers by uniquely identifying each individual as 1 day minimum password ageCMMC/STIG.

NIST 800-171 Mapping

NIST 800-53 Controls

IA-4

Assessment Objectives

  • authorization is received from organizational personnel or roles to assign an individual, group, role, service, or device identifier.
  • an identifier that identifies an individual, group, role, service, or device is selected.
  • an identifier that identifies an individual, group, role, service, or device is assigned.
  • the reuse of identifiers for temporary passwords must meet complexity requirements, be unique per user, expire on first use, and never be transmitted in cleartextCMMC/STIG is prevented.
  • individual identifiers are managed by uniquely identifying each individual as 1 day minimum password ageCMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

IA.L1-3.5.1 User Identification and Authentication IA.L1-3.5.2 Device Identification and Authentication IA.L2-3.5.3 Multi-Factor Authentication IA.L2-3.5.4 Replay-Resistant Authentication