AUTH-14 Unique Accounts Identifiers

What is this control really about?

This control is ensuring that your authentication process of identifying users that request access to a system, network, or device is based on the use of unique credentials like username and password, biometrics authentication, token based authentication or certificate-based authentication.

Unique Identifiers (UIDs) identify an individual as part of the organization via the use of a combination of numbers/letters.

This control is asking you to confirm that your organization uses various combinations to identify an individual as part of the process of requesting access to a system.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Available templates

• N/A no templates available for this control

What is required to implement this control?

When implementing your authentication process, the following steps should be considered for account IDs:

• Unique IDs should be unique
• Unique IDs can never be re-issued
• Unique IDs must be a lifetime identifier

Then, an auditing trail must be implemented to easily track the IDs activities across the platform

What evidence is the auditor looking for?

• User lists demonstrating that unique IDs are used

An example of what an artifact can look like

1. User lists demonstrating that unique IDs are used

Source