NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-4(5) Dynamic Management

Manage individual identifiers dynamically in accordance with [Assignment: organization-defined dynamic identifier policy].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

In contrast to conventional approaches to identification that presume static accounts for preregistered users, many distributed systems establish identifiers at runtime for entities that were previously unknown. When identifiers are established at runtime for previously unknown entities, organizations can anticipate and provision for the dynamic establishment of identifiers. Pre-established trust relationships and mechanisms with appropriate authorities to validate credentials and related identifiers are essential.

Practitioner Notes

This enhancement requires dynamic management of identifiers — automatically adjusting or revoking identifiers based on changing conditions like role changes or security events.

Example 1: Configure Azure AD Identity Governance with access reviews that automatically remove access when users change roles and their old access is no longer appropriate.

Example 2: Implement automated SCIM provisioning between your HR system and identity provider so that job role changes automatically trigger access adjustments within 24 hours.
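The flow in Example 2, shown as an added illustration (not NIST text or any vendor's code): an HR role-change event is translated into SCIM 2.0 PatchOp requests (RFC 7644) against group membership, and a check flags changes not applied within the 24-hour window. The role names, group IDs, event fields and the `ROLE_GROUPS` map are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SLA = timedelta(hours=24)  # window stated in Example 2

# Hypothetical role-to-group entitlement map (an assumption, not a real tenant).
ROLE_GROUPS = {
    "finance-analyst": {"grp-finance-ledger", "grp-all-staff"},
    "security-engineer": {"grp-siem-readers", "grp-all-staff"},
}

# Constructed HR events; the second moves a user to a role with no mapping.
EVENTS = [
    {"scim_user_id": "u1001", "old_role": "finance-analyst",
     "new_role": "security-engineer", "effective": "2024-03-01T09:00:00+00:00"},
    {"scim_user_id": "u1002", "old_role": "security-engineer",
     "new_role": "unmapped-role", "effective": "2024-03-01T09:00:00+00:00"},
]

def plan_role_change(event):
    """Return (method, path, body) SCIM requests: removals first, then additions."""
    uid = event["scim_user_id"]
    if not uid.isalnum():  # keep quotes/brackets out of the SCIM filter below
        raise ValueError("unexpected characters in SCIM user id")
    old = ROLE_GROUPS.get(event["old_role"], set())
    new = ROLE_GROUPS.get(event["new_role"], set())  # unmapped role grants nothing
    ops = []
    for group in sorted(old - new):
        ops.append(("PATCH", f"/Groups/{group}", {
            "schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "remove", "path": f'members[value eq "{uid}"]'}],
        }))
    for group in sorted(new - old):
        ops.append(("PATCH", f"/Groups/{group}", {
            "schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "add", "path": "members", "value": [{"value": uid}]}],
        }))
    return ops

def sla_breaches(events, applied, now):
    """User IDs whose change was applied late, or is still pending past the SLA."""
    late = []
    for e in events:
        deadline = datetime.fromisoformat(e["effective"]) + SLA
        done = applied.get(e["scim_user_id"])  # None means not yet provisioned
        if (done or now) > deadline:
            late.append(e["scim_user_id"])
    return late
```

Removals are ordered before additions so the old role's access ends even if a later request fails, and a role missing from the map results in all prior groups being removed rather than retained.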