IA.L1-3.5.1—Identification
>Control Description
Identify information system users, processes acting on behalf of users, or devices.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your user identification policy and procedure?
- •How do you govern the process for creating and issuing user identifiers?
- •What standards guide your user identification implementation?
- •How do you ensure unique identification of all users, processes, and devices?
Technical Implementation:
- •What systems identify users, processes, and devices (Active Directory, LDAP)?
- •How are unique identifiers assigned and managed?
- •What identity management tools provision user accounts?
- •How do you ensure each user has a unique identifier?
- •What mechanisms identify devices and processes?
Evidence & Documentation:
- •What authentication policy documentation can you provide?
- •What password policy settings and configurations can you show?
- •What MFA enrollment and usage reports demonstrate compliance?
- •What account management documentation shows account lifecycle?
- •What authentication logs demonstrate enforcement?
- •What screenshots show authentication configurations?
Ask AI
Configure your API key to use AI features.