Policy
Policy Name
User ID Management Policy

Overview
Identity represents who someone is to include unique characteristics (such as user ID) that differentiate from other individuals. User ID's should be appropriately managed as critical component of the organization's Identity Management (and Access Control) program.

Statement
  • User ID's must be unique and must not be shared to ensure accountability.
  • User ID's must have a documented owner who is accountable for it's usage.
  • User ID's must require authentication of credentials. User ID's must be traceable (e.g. audit logged) to the assigned user or owner.
  • User ID's must be disabled after termination of employment, contract or business relationship.
  • Inactive ID's should be disabled or deleted after a period of inactivity.
  • Privileged ID's must have a documented business need or justification.

Justification

The following benefits will be achieved:

  • Users will be identified and their access to resources tracked
  • Ensure unique ID's assigned to individuals
  • Ensure privileged ID's are appropriately managed

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
User ID Management
Access Control