IA.L2-3.5.5—Identifier Reuse
Level 2
800-171: 3.5.5
>Control Description
Prevent reuse of identifiers for a defined period.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your policy for identifier reuse?
- •How long must an identifier remain inactive before it can be reused?
- •What is your process for tracking identifier lifecycle and preventing premature reuse?
- •Who approves exceptions to identifier reuse restrictions?
Technical Implementation:
- •What technical controls prevent identifier reuse?
- •How do identity management systems enforce reuse restrictions?
- •What mechanisms track identifier lifecycle?
- •How long are deleted identifiers prevented from reuse?
- •What tools verify identifiers are not reused prematurely?
Evidence & Documentation:
- •What authentication policy documentation can you provide?
- •What password policy settings and configurations can you show?
- •What MFA enrollment and usage reports demonstrate compliance?
- •What account management documentation shows account lifecycle?
- •What authentication logs demonstrate enforcement?
- •What screenshots show authentication configurations?
Ask AI
Configure your API key to use AI features.