IA-4: Identifier Management
From NIST's SP800-53:
Manage system identifiers by:
a. Receiving authorization from [Assignment: organization-defined personnel or roles] to assign an individual, group, role, service, or device identifier;
b. Selecting an identifier that identifies an individual, group, role, service, or device;
c. Assigning the identifier to the intended individual, group, role, service, or device; and
d. Preventing reuse of identifiers for [Assignment: organization-defined time period].
Cyber Threat Graph Context
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Control ID | Description |
---|---|
PR.AC-7 | Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) |
PR.AC-6 | Identities are proofed and bound to credentials and asserted in interactions |
PR.AC-1 | Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1021.001 | Remote Desktop Protocol | Lateral Movement |
T1552 | Unsecured Credentials | Credential Access |
T1213.002 | Sharepoint | Collection |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1213.001 | Confluence | Collection |
T1552.005 | Cloud Instance Metadata API | Credential Access |
T1547.006 | Kernel Modules and Extensions | Persistence, Privilege Escalation |
T1602.002 | Network Device Configuration Dump | Collection |
T1110.001 | Password Guessing | Credential Access |
T1110 | Brute Force | Credential Access |
T1053 | Scheduled Task/Job | Execution, Persistence, Privilege Escalation |
T1053.002 | At | Execution, Persistence, Privilege Escalation |
T1530 | Data from Cloud Storage | Collection |
T1110.002 | Password Cracking | Credential Access |
T1021.005 | VNC | Lateral Movement |
T1578.001 | Create Snapshot | Defense Evasion |
T1528 | Steal Application Access Token | Credential Access |
T1563 | Remote Service Session Hijacking | Lateral Movement |
T1562 | Impair Defenses | Defense Evasion |
T1543 | Create or Modify System Process | Persistence, Privilege Escalation |
T1003 | OS Credential Dumping | Credential Access |
T1602.001 | SNMP (MIB Dump) | Collection |
T1578 | Modify Cloud Compute Infrastructure | Defense Evasion |
T1578.003 | Delete Cloud Instance | Defense Evasion |
T1578.002 | Create Cloud Instance | Defense Evasion |
T1003.005 | Cached Domain Credentials | Credential Access |
T1537 | Transfer Data to Cloud Account | Exfiltration |
T1602 | Data from Configuration Repository | Collection |
T1110.004 | Credential Stuffing | Credential Access |
T1003.006 | DCSync | Credential Access |
T1213 | Data from Information Repositories | Collection |
T1110.003 | Password Spraying | Credential Access |
T1550.001 | Application Access Token | Defense Evasion, Lateral Movement |