NIST SP 800-171 & CMMC 2.0 3.5.5 Requirement:
Prevent the reuse of identifiers for a defined period.
NIST SP 800-171 & CMMC 2.0 3.5.5 Requirement Explanation:
Typically, individual identifiers are the user names of accounts assigned to those individuals. Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices. If you reuse identifiers soon after they have been decommissioned you may cause confusion. It will be more difficult to determine who or what actually did something because the account or device name will be the same.
Example NIST SP 800-171 & CMMC 2.0 3.5.5 Implementation:
Do not reuse usernames on accounts for a defined period of time (e.g., for one year after the account was deleted). Do not reuse systems names and other identifiers such as group names.
NIST SP 800-171 & CMMC 2.0 3.5.5 Scenario(s):
- Scenario 1:
An employee named John Doe with a user account jdoe has had his employment terminated. Incidentally his replacement is his brother James Doe. Instead of reassigning the account jdoe you create a new account jamesdoe.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.