800-53|IA-4

Title

IDENTIFIER MANAGEMENT

Description

The organization manages information system identifiers by:

Supplemental

Common device identifiers include, for example, media access control (MAC), Internet protocol (IP) addresses, or device-unique token identifiers. Management of individual identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). Typically, individual identifiers are the user names of the information system accounts assigned to those individuals. In such instances, the account management activities of AC-2 use account names provided by IA-4. This control also addresses individual identifiers not necessarily associated with information system accounts (e.g., identifiers used in physical security control databases accessed by badge reader systems for access to information systems). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices.

Reference Item Details

Related: AC-2,IA-2,IA-3,IA-5,IA-8,SC-37

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.2 Ensure only trusted users are allowed to control Docker daemon | Unix | CIS Docker v1.3.1 L1 Linux Host OS
1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.10 Use Just In Time privileged access to Office 365 roles | microsoft_azure | CIS Microsoft 365 Foundations E5 L2 v1.4.0
1.1.52 Ensure 'Enable profile creation from the Identity flyout menu or the Settings page' is set to 'Disabled' | Windows | CIS Microsoft Edge L1 v1.0.1
1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
1.13 Ensure that 'Members can invite' is set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
1.14 Ensure that 'Guests can invite' is set to 'No' | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L2
2.7 Ensure that a unique Certificate Authority is used for etcd | Unix | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master
2.7 Ensure that a unique Certificate Authority is used for etcd | Unix | CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master
2.7 Ensure that a unique Certificate Authority is used for etcd | Unix | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master
2.14 Ensure containers are restricted from acquiring new privileges | Unix | CIS Docker v1.3.1 L1 Docker Linux
3.2 Ensure that storage account access keys are periodically regenerated | microsoft_azure | CIS Microsoft Azure Foundations v1.3.1 L1
4.6 Ensure only authorized users and groups belong to the esxAdminsGroup group | VMware | CIS VMware ESXi 6.7 v1.2.0 Level 1
4.7 Ensure the Exception Users list is properly configured | VMware | CIS VMware ESXi 6.7 v1.2.0 Level 1
5.3.2 Ensure system accounts are secured - lock not root | Unix | CIS Google Container-Optimized OS L2 Server v1.0.0
5.3.2 Ensure system accounts are secured - non login | Unix | CIS Google Container-Optimized OS L2 Server v1.0.0
5.10 Ensure DCUI has a trusted users list for lockdown mode | VMware | CIS VMware ESXi 6.7 v1.2.0 Level 1
5.10 Set DCUI.Access to allow trusted users to override lockdown mode | VMware | CIS VMware ESXi 6.5 v1.0.0 Level 1
6.2.12 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Debian Family Workstation L1 v1.0.0
6.2.12 Ensure all groups in /etc/passwd exist in /etc/group | Unix | CIS Debian Family Server L1 v1.0.0
17.2.2 (L1) Ensure 'Audit Security Group Management' is set to include 'Success' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.2.2 (L1) Ensure 'Audit Security Group Management' is set to include 'Success' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.2.3 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.2.3 (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.2.3 Ensure 'Audit Distribution Group Management' is set to include 'Success' (DC only) | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.2.4 Ensure 'Audit Other Account Management Events' is set to include 'Success' (DC only) | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.2.5 Ensure 'Audit Security Group Management' is set to include 'Success' | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.2.5 Ensure 'Audit Security Group Management' is set to include 'Success' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.2.6 Ensure 'Audit User Account Management' is set to 'Success and Failure' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.2.6 Ensure 'Audit User Account Management' is set to 'Success and Failure' | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.5.1 (L1) Ensure 'Audit Account Lockout' is set to include 'Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.1 (L1) Ensure 'Audit Account Lockout' is set to include 'Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.1 Ensure 'Audit Account Lockout' is set to include 'Failure' | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.5.1 Ensure 'Audit Account Lockout' is set to include 'Failure' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.2 (L1) Ensure 'Audit Logoff' is set to include 'Success' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.2 Ensure 'Audit Logoff' is set to include 'Success' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.5.2 Ensure 'Audit Logoff' is set to include 'Success' | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.3 (L1) Ensure 'Audit Logon' is set to 'Success and Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure' | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | Windows | CIS Windows Server 2012 DC L1 v2.2.0
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
17.5.5 (L1) Ensure 'Audit Special Logon' is set to include 'Success' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success' | Windows | CIS Windows Server 2012 MS L1 v2.2.0
17.5.5 Ensure 'Audit Special Logon' is set to include 'Success' | Windows | CIS Windows Server 2012 DC L1 v2.2.0