NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-4(9)Attribute Maintenance and Protection

Maintain the attributes for each uniquely identified individual, device, or service in {{ insert: param, ia-04.09_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

For each of the entities covered in [IA-2](#ia-2), [IA-3](#ia-3), [IA-8](#ia-8) , and [IA-9](#ia-9) , it is important to maintain the attributes for each authenticated entity on an ongoing basis in a central (protected) store.

Practitioner Notes

This enhancement requires maintaining and protecting the attributes associated with identifiers — keeping identity information accurate, current, and secure.

Example 1: Restrict who can modify Active Directory user attributes (like department, title, and manager) to HR administrators and designated identity management staff.

Example 2: Enable audit logging on all identity attribute changes in Azure AD so you can track who modified user profile information and when.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts