AUTH-14 Unique Accounts Identifiers

What is AUTH-14 Unique Accounts Identifiers Control?

Unique Accounts Identifiers Control ensures that your authentication process of identifying users that request access to a system, network, or device is based on the use of unique credentials like username and password, biometric authentication, token-based authentication, or certificate-based authentication.

Unique identifiers (UIDs) identify an individual as part of the organization via the use of a combination of numbers and letters.

This control is asking you to confirm that your organization uses various combinations to identify an individual as part of the process of requesting access to a system.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Tools

N/A: No tools required

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started:

• N/A: no template recommendation is made for this control.

Control Implementation

To implement this control,

The following steps are to be considered for account IDs:

• Unique IDs should be unique.
• Unique IDs can never be reissued.
• Unique IDs must be lifetime identifiers.

Then, an audit trail must be implemented to easily track ID activities across the platform.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. User lists demonstrating unique IDs are used.

Evidence Example

From the suggested action, an example is provided below.

1. User lists demonstrating unique IDs are used.
   Refer to Source for more information about unique identifiers.
   The following screenshot demonstrates the use of unique IDs.