CCI-000764

Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users.

Implementation Guidance

Determine if: - Organizational users are uniquely identified and authenticated. - the unique identification of authenticated Organizational users is associated with processes acting on behalf of those users.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; procedures addressing user identification and authentication; system security plan, system design documentation; system configuration settings and associated documentation; system audit records; list of system accounts; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system operations responsibilities; organizational personnel with information security responsibilities; system/network administrators; organizational personnel with account management responsibilities; system developers]. Test: [SELECT FROM: Organizational processes for uniquely identifying and authenticating users; mechanisms supporting and/or implementing identification and authentication capabilities].

The controls below (if any) were marked by NIST as being related to CCI-000764.