IAM-13: Uniquely Identifiable Users

Control is new to this version of the control set.

Control Statement

Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs.

Implementation Guidance

All users should be assigned a unique ID before allowing access to system components or applications. Allocating a unique ID to each person with access ensures each individual is uniquely accountable for their actions. When such accountability occurs, actions taken on critical data and systems can be traced to known, authorized users and processes. The organization should have a process to detect any creation of non-individual accounts in any infrastructure/application (either in the cloud or on-premises).

Auditing Guidance

  1. Determine if processes, procedures and technical measures are defined and require that users are identifiable through unique IDs or by association of individuals to the usage of user IDs.
  2. Determine if the established processes, procedures and technical measures are implemented and consistently followed in practice.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.