Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs.
All users should be assigned a unique ID before allowing access to system components or applications. Allocating a unique ID to each person with access ensures each individual is uniquely accountable for their actions. When such accountability occurs, actions taken on critical data and systems can be traced to known, authorized users and processes. The organization should have a process to detect any creation of non -individual accounts in any infrastructure/application (either in the cloud or on-premises).
- Determine if processes, procedures and technical measures are defined and require that users are identifiable through unique IDs or by association of individuals to the usage of user IDs.
- Determine if the established processes, procedures and technical measures are implemented and consistently followed in practice.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.