CMMC 2.0 • LEVEL 1 • IDENTIFICATION & AUTHENTICATION

IA.L1-3.5.1User Identification and Authentication

Uniquely identify and authenticate system users, and associate that unique identification with processes acting on behalf of those users. Re-authenticate users when unique username per individual user; device identifiers (hostname, MAC address, or certificate); service accounts identified by function with no shared credentialsCMMC/STIG .

NIST 800-171 Mapping

NIST 800-53 Controls

IA-2IA-5

Assessment Objectives

  • system users are uniquely identified.
  • system users are authenticated.
  • processes acting on behalf of users are associated with uniquely identified and authenticated system users.
  • users are reauthenticated when unique username per individual user; device identifiers (hostname, MAC address, or certificate); service accounts identified by function with no shared credentialsCMMC/STIG .

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

IA.L1-3.5.2 Device Identification and Authentication IA.L2-3.5.3 Multi-Factor Authentication IA.L2-3.5.4 Replay-Resistant Authentication IA.L2-3.5.5 Identifier Management