IA-4(1)

  • Requirement

    Prohibit the use of system account identifiers that are the same as public identifiers for individual accounts.

  • Discussion

    Prohibiting account identifiers as public identifiers applies to any publicly disclosed account identifier used for communication such as, electronic mail and instant messaging. Prohibiting the use of systems account identifiers that are the same as some public identifier, such as the individual identifier section of an electronic mail address, makes it more difficult for adversaries to guess user identifiers. Prohibiting account identifiers as public identifiers without the implementation of other supporting controls only complicates guessing of identifiers. Additional protections are required for authenticators and credentials to protect the account.

More Info

  • Title

    Identifier Management | Prohibit Account Identifiers as Public Identifiers
  • Family

    Identification and Authentication
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AT-2;PT-7

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!