NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY
AU-16(1) — Identity Preservation
Preserve the identity of individuals in cross-organizational audit trails.
Supplemental Guidance
Identity preservation is applied when there is a need to be able to trace actions that are performed across organizational boundaries to a specific individual.
Practitioner Notes
When sharing audit data across organizations, preserve the identity of individuals in the logs. You need to know who performed actions, even when the data crosses organizational boundaries.
Example 1: When sharing log data with a partner during a joint investigation, include the full user principal name (UPN) — not just a generic account name. If the partner's logs show john.smith@partner.com accessed your system, that must correlate to a specific individual in the partner's directory.
Example 2: In federated authentication environments (SAML/OIDC), ensure that the identity claims in the token include enough information to uniquely identify the user across organizational boundaries. The NameID in a SAML assertion should be a persistent identifier that maps back to a specific person.
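Added example (not from NIST or the author of these notes): a small Python check that shows both practitioner examples in working code. It extracts the Issuer and NameID from a constructed SAML assertion, rejects a transient NameID (which cannot be traced back to a person once the session ends), builds audit records whose subject is qualified by the issuing organization, and correlates records from a partner-supplied UPN and a federated NameID without losing the identity. The issuer URLs, NameID values, and UPNs are constructed sample data; signature and condition validation of the assertion is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# SAML 2.0 namespace and the standard NameID format URIs.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
FMT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
FMT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
FMT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Formats that map back to one specific person at the issuing organization.
IDENTITY_PRESERVING = {FMT_PERSISTENT, FMT_EMAIL}


@dataclass(frozen=True)
class FederatedIdentity:
    """An identity that stays meaningful after it leaves its home organization."""
    issuer: str    # organization that vouches for the subject (IdP entityID or domain)
    name_id: str   # the subject identifier as issued by that organization
    fmt: str       # the NameID format (or "upn" for a partner-supplied UPN)

    def qualified(self) -> str:
        # Always keep the issuer with the subject: "jsmith" alone is ambiguous,
        # "https://idp.partner.example!jsmith" is not.
        return f"{self.issuer}!{self.name_id}"

    @classmethod
    def from_upn(cls, upn: str) -> "FederatedIdentity":
        # Example 1: a full UPN carries its organization in the domain part.
        local, sep, domain = upn.partition("@")
        if not sep or not local or not domain:
            raise ValueError(f"{upn!r} is not a full UPN; a bare account name is not traceable")
        return cls(issuer=domain.lower(), name_id=upn, fmt="upn")


def extract_identity(assertion_xml: str) -> FederatedIdentity:
    """Example 2: pull Issuer + NameID from a (already validated) SAML assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if not issuer or name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion lacks Issuer or NameID; identity cannot be preserved")
    fmt = name_id.get("Format", FMT_UNSPECIFIED)
    if fmt not in IDENTITY_PRESERVING:
        # transient / unspecified NameIDs do not reliably map to one person later
        raise ValueError(f"NameID format {fmt} does not preserve identity across organizations")
    return FederatedIdentity(issuer=issuer, name_id=name_id.text.strip(), fmt=fmt)


def audit_record(identity: FederatedIdentity, action: str, resource: str) -> dict:
    """Build an audit event that carries the qualified identity, not a local alias."""
    return {
        "subject": identity.qualified(),
        "subject_issuer": identity.issuer,
        "subject_name_id": identity.name_id,
        "subject_format": identity.fmt,
        "action": action,
        "resource": resource,
    }


def correlate(records: list) -> dict:
    """Group cross-organizational audit records by qualified subject."""
    by_subject: dict = {}
    for rec in records:
        by_subject.setdefault(rec["subject"], []).append(rec)
    return by_subject


# Constructed sample assertions (not real partner data).
PERSISTENT_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0">
  <saml:Issuer>https://idp.partner.example</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">7f3e-partner-0042</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

TRANSIENT_ASSERTION = PERSISTENT_ASSERTION.replace(FMT_PERSISTENT, FMT_TRANSIENT).replace(
    "7f3e-partner-0042", "_session-only-9a8b")


if __name__ == "__main__":
    fed = extract_identity(PERSISTENT_ASSERTION)
    upn = FederatedIdentity.from_upn("john.smith@partner.com")
    events = [
        audit_record(fed, "read", "/finance/report.xlsx"),
        audit_record(upn, "login", "vpn-gateway"),
        audit_record(fed, "download", "/finance/report.xlsx"),
    ]
    for subject, recs in correlate(events).items():
        print(subject, [r["action"] for r in recs])
    try:
        extract_identity(TRANSIENT_ASSERTION)
    except ValueError as err:
        print("rejected:", err)
```

The grouping key is issuer plus subject, so two partners that both have a "jsmith" never collapse into one actor, and a transient NameID is refused at ingestion rather than discovered to be untraceable during an investigation.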