Guidance for NIST 800-171 Assessment & Compliance

IA-4(4) IDENTIFIER MANAGEMENT | IDENTIFY USER STATUS

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

(O)ther than satisfactory +##

###

ia-4(4)	identifier management \| identify user status
	assessment objective: Determine if the organization:
	ia-4(4)[1]	defines a characteristic to be used to identify individual status; and
	ia-4(4)[2]	manages individual identifiers by uniquely identifying each individual as the organization-defined characteristic identifying individual status.
	potential assessment methods and objects: Examine: [select from: Identification and authentication policy; procedures addressing identifier management; procedures addressing account management; list of characteristics identifying individual status; other relevant documents or records]. Interview: [select from: Organizational personnel with identifier management responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [select from: Automated mechanisms supporting and/or implementing identifier management].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056