CMMC 1.0 Practice IA.3.085 Requirement:
Prevent the reuse of identifiers for a defined period.
CMMC 1.0 IA.3.085 Requirement Explanation:
Typically, individual identifiers are the user names of accounts assigned to those individuals. Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices. If you reuse identifiers soon after they have been decommissioned you may cause confusion. It will be more difficult to determine who or what actually did something because the account or device name will be the same.
Example CMMC 1.0 IA.3.085 Implementation:
Do not reuse usernames on accounts for a defined period of time (e.g., for one year). Do not reuse systems names and other identifiers such as group names.
CMMC 1.0 IA.3.085 Scenario(s):
- Scenario 1:
An employee named John Doe with a user account jdoe has had his employment terminated. Incidentally his replacement is his brother James Doe. Instead of reassigning the account jdoe you create a new account jamesdoe.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you