NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-4(9)Attribute Maintenance and Protection

Maintain the attributes for each uniquely identified individual, device, or service in organization-defined parameter.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

For each of the entities covered in IA-2, IA-3, IA-8 , and IA-9 , it is important to maintain the attributes for each authenticated entity on an ongoing basis in a central (protected) store.

Practitioner Notes

This enhancement requires maintaining and protecting the attributes associated with identifiers — keeping identity information accurate, current, and secure.

Example 1: Restrict who can modify Active Directory user attributes (like department, title, and manager) to HR administrators and designated identity management staff.

Example 2: Enable audit logging on all identity attribute changes in Azure AD so you can track who modified user profile information and when.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts