NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-4(4)Identify User Status

Manage individual identifiers by uniquely identifying each individual as {{ insert: param, ia-04.04_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Characteristics that identify the status of individuals include contractors, foreign nationals, and non-organizational users. Identifying the status of individuals by these characteristics provides additional information about the people with whom organizational personnel are communicating. For example, it might be useful for a government employee to know that one of the individuals on an email message is a contractor.

Practitioner Notes

This enhancement requires user identifiers to include status information — such as whether the user is a contractor, temporary employee, or has other relevant attributes.

Example 1: Include employment type in Active Directory attributes (e.g., employeeType = "Contractor" or "FTE") and use these attributes in Conditional Access policies.

Example 2: Use a naming convention that includes status indicators — for example, prefix contractor accounts with "CTR-" in your Azure AD to make their status immediately visible.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts