IA-04 Identifier Management
Manage system identifiers by:
a. Receiving authorization from ia-04_odp.01 to assign an individual, group, role, service, or device identifier;
b. Selecting an identifier that identifies an individual, group, role, service, or device;
c. Assigning the identifier to the intended individual, group, role, service, or device; and
d. Preventing reuse of identifiers for ia-04_odp.02.
| Parameter ID | Definition |
|---|---|
| ia-04_odp.01 | personnel or roles |
| ia-04_odp.02 | time period |
Baselines
- L
- M
- H
- P
Guidance
Common device identifiers include Media Access Control (MAC) addresses, Internet Protocol (IP) addresses, or device-unique token identifiers. The management of individual identifiers is not applicable to shared system accounts. Typically, individual identifiers are the usernames of the system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. Identifier management also addresses individual identifiers not necessarily associated with system accounts. Preventing the reuse of identifiers implies preventing the assignment of previously used individual, group, role, service, or device identifiers to different individuals, groups, roles, services, or devices.
References 5
- FIPS 201-2 National Institute of Standards and Technology (2013) Personal Identity Verification (PIV) of Federal Employees and Contractors. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 201-2.
- SP 800-63-3 Grassi PA, Garcia ME, Fenton JL (2017) Digital Identity Guidelines. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-63-3, Includes updates as of March 2, 2020.
- SP 800-73-4 Cooper DA, Ferraiolo H, Mehta KL, Francomacaro S, Chandramouli R, Mohler J (2015) Interfaces for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-73-4, Includes updates as of February 8, 2016.
- SP 800-76-2 Grother PJ, Salamon WJ, Chandramouli R (2013) Biometric Specifications for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-76-2.
- SP 800-78-4 Polk T, Dodson DF, Burr WE, Ferraiolo H, Cooper DA (2015) Cryptographic Algorithms and Key Sizes for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-78-4.
Control Enhancements 9
- IA-04(01) Prohibit Account Identifiers as Public Identifiers L M H P
- IA-04(02) Supervisor Authorization
- IA-04(03) Multiple Forms of Certification
- IA-04(04) Identify User Status L M H P
- IA-04(05) Dynamic Management L M H P
- IA-04(06) Cross-organization Management L M H P
- IA-04(07) In-person Registration
- IA-04(08) Pairwise Pseudonymous Identifiers L M H P
- IA-04(09) Attribute Maintenance and Protection L M H P
Related controls 17
- AC-05 Separation of Duties L M H P
- IA-02 Identification and Authentication (Organizational Users) L M H P
- IA-03 Device Identification and Authentication L M H P
- IA-05 Authenticator Management L M H P
- IA-08 Identification and Authentication (Non-organizational Users) L M H P
- IA-09 Service Identification and Authentication L M H P
- IA-12 Identity Proofing L M H P
- MA-04 Nonlocal Maintenance L M H P
- PE-02 Physical Access Authorizations L M H P
- PE-03 Physical Access Control L M H P
- PE-04 Access Control for Transmission L M H P
- PL-04 Rules of Behavior L M H P
- PM-12 Insider Threat Program L M H P
- PS-03 Personnel Screening L M H P
- PS-04 Personnel Termination L M H P
- PS-05 Personnel Transfer L M H P
- SC-37 Out-of-band Channels L M H P