Navigate

IA-4(1)

IA-4(1): Prohibit Account Identifiers as Public Identifiers

The organization prohibits the use of information system account identifiers that are the same as public identifiers for individual electronic mail accounts.

Supplemental

Prohibiting the use of information systems account identifiers that are the same as some public identifier such as the individual identifier section of an electronic mail address, makes it more difficult for adversaries to guess user identifiers on organizational information systems.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to IA-4(1).

Control	Description
AT-2	The organization provides basic security awareness training to information system users (including managers, senior executives, and contractors): a: As part of initial training for new users; b: When required by information system changes; and c: [organization-defined frequency] thereafter.

Enhancements

The controls below (if any) add on to the requirements of IA-4(1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IA-4(1).

CCI	Definition
CCI-000796	Prohibit the use of system account identifiers that are the same as public identifiers for individual accounts.