This requirement defines what an identifier is, how it should be used, and how frequently it may be reused.
An identifier is anything that can uniquely identify a system, device, individual, role, group or user. This can be a username, an IP address, a MAC address, an Active Directory group or any other dataset used in a system.
Each identifier should be assigned to a single entity in order to uniquely identify it. This is usually accomplished by automated means such as DHCP for IP addresses, by burning the value in at the factory as with MAC addresses, or by an administrator in the case of usernames, roles, and groups.
These identifiers should be kept unique and separate for as long as the entity is authorized. When an entity is no longer authorized, the identifier it was assigned should not be reused for a reasonable period of time, to ensure any logs that might be necessary to review are completed and/or archived.
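
One way to enforce both rules in a provisioning workflow is sketched below. This is an added example, not part of the original requirement text: the `IdentifierRegistry` class, the 365-day default hold, the same-entity exception and the sample username and entity ids are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the page says only "a reasonable period of time". 365 days is a
# placeholder; set it from your own log-retention policy.
REUSE_HOLD = timedelta(days=365)

class IdentifierRegistry:
    """Keeps identifiers unique while active and holds them after release."""

    def __init__(self, reuse_hold=REUSE_HOLD):
        self.reuse_hold = reuse_hold
        self._active = {}    # identifier -> entity currently authorized
        self._released = {}  # identifier -> (last entity, release time)

    def blocked_reason(self, identifier, entity, now):
        """Return why `entity` cannot take `identifier` at `now`, or None."""
        holder = self._active.get(identifier)
        if holder is not None and holder != entity:
            return f"{identifier!r} is still assigned to {holder!r}"
        last = self._released.get(identifier)
        if last is not None:
            last_entity, released_at = last
            free_at = released_at + self.reuse_hold
            # Assumption: giving an identifier back to the entity that held
            # it is not reuse, because old log entries still point to it.
            if last_entity != entity and now < free_at:
                return f"{identifier!r} is on reuse hold until {free_at:%Y-%m-%d}"
        return None

    def assign(self, identifier, entity, now):
        reason = self.blocked_reason(identifier, entity, now)
        if reason:
            raise ValueError(reason)
        self._active[identifier] = entity
        self._released.pop(identifier, None)

    def deauthorize(self, identifier, now):
        """Record the release time so the hold can be enforced later."""
        self._released[identifier] = (self._active.pop(identifier), now)

if __name__ == "__main__":
    # Constructed sample data: the username and entity ids are made up.
    day0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    reg = IdentifierRegistry(reuse_hold=timedelta(days=90))
    reg.assign("jsmith", "emp-1001", day0)
    reg.deauthorize("jsmith", day0 + timedelta(days=10))
    for offset in (50, 100):
        when = day0 + timedelta(days=offset)
        print(offset, reg.blocked_reason("jsmith", "emp-2002", when))
```

The release time has to be stored durably alongside the identifier, otherwise the hold cannot be checked after the account record itself is deleted.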