Every user, service, and device has its own unique identity.
What it actually means
You can't authenticate anyone, or hold them accountable afterward, if you can't tell them apart. Every person, service or process account, and device that touches CUI needs its own identifier: no shared logins, and no single credential reused across several systems. Devices get their identity at enrollment (MDM), ideally bound to a device certificate or hardware identifier rather than a hostname alone; users and service accounts get theirs from your identity provider. Uniqueness is what the authentication and audit controls that build on this one depend on: you can only verify an identifier, and attribute a log entry to it, if it belongs to exactly one subject.
Pass or fail — an assessor needs a "yes" to each
- Every user has a unique account; no shared/generic logins.
- Service/process accounts are uniquely identified.
- Devices are uniquely identified (e.g., via MDM enrollment).
What to have ready
- Identity-provider user/service account list
- MDM device inventory
- Policy prohibiting shared accounts
Where teams trip up
- Shared logins like 'frontdesk', or a team mailbox used as an identity, so several people act under one account and nothing in the logs says who did what
- One generic service account reused across several systems, so activity can't be attributed to the system that performed it
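A policy prohibiting shared accounts is only evidence if you also check that nobody is sharing one. The script below is an added example, not code from this page or its assessment tool: it runs over a constructed sample of identity-provider sign-in events in a hypothetical `ts user= device= ip= result=` line format, flags accounts that signed in successfully from two or more distinct devices inside a one-hour window (the signature of a login being shared, or a service account reused across systems), and separately flags account names that match an assumed list of generic names. Failed sign-ins are ignored so a guessed password from a stranger's machine does not make an account look shared. Window, threshold and the generic-name list are assumptions to tune against your own IdP export.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events; the field layout is assumed, not a real IdP format.
SAMPLE_EVENTS = [
    "2024-03-04T02:00:00Z user=svc-backup device=SRV-FILE-01 ip=10.2.0.11 result=success",
    "2024-03-04T02:01:00Z user=svc-backup device=SRV-FILE-02 ip=10.2.0.12 result=success",
    "2024-03-04T02:02:00Z user=svc-backup device=SRV-DB-01 ip=10.2.0.30 result=success",
    "2024-03-04T08:01:10Z user=frontdesk device=WS-LOBBY-01 ip=10.1.4.21 result=success",
    "2024-03-04T08:05:00Z user=jdoe device=LT-JDOE ip=10.1.7.40 result=success",
    "2024-03-04T08:20:05Z user=frontdesk device=WS-LOBBY-02 ip=10.1.4.22 result=success",
    "2024-03-04T08:30:00Z user=frontdesk device=WS-HR-01 ip=10.1.9.5 result=failure",
    "2024-03-04T08:45:30Z user=frontdesk device=WS-LOBBY-01 ip=10.1.4.21 result=success",
    "2024-03-04T09:00:00Z user=asmith device=LT-ASMITH ip=10.1.7.41 result=success",
    "2024-03-04T13:10:00Z user=jdoe device=LT-JDOE ip=10.1.7.40 result=success",
    "2024-03-04T15:30:00Z user=asmith device=WS-LAB-03 ip=10.1.8.14 result=success",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) device=(?P<device>\S+) ip=(?P<ip>\S+) result=(?P<result>\S+)$"
)

# Assumed list of names that denote a role or a shared desk rather than a person.
GENERIC_NAME_RE = re.compile(
    r"^(admin|administrator|root|frontdesk|reception|helpdesk|shared|guest|test|temp)\d*$",
    re.IGNORECASE,
)


def parse_events(lines):
    """Parse sign-in lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def find_shared_accounts(events, window=timedelta(hours=1), min_devices=2):
    """Return {user: sorted device list} for accounts with successful sign-ins
    from at least min_devices distinct devices inside any sliding window."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":  # only real sessions count as use
            by_user[e["user"]].append(e)

    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        hits = set()
        for i, start in enumerate(evs):
            devices = {start["device"]}
            for later in evs[i + 1:]:
                if later["ts"] - start["ts"] > window:
                    break  # events are sorted, so nothing later fits this window
                devices.add(later["device"])
            if len(devices) >= min_devices:
                hits |= devices
        if hits:
            flagged[user] = sorted(hits)
    return flagged


def find_generic_names(events):
    """Return sorted account names that look like a role or desk, not a person."""
    return sorted({e["user"] for e in events if GENERIC_NAME_RE.match(e["user"])})


def audit(lines):
    events = parse_events(lines)
    return {
        "shared_use": find_shared_accounts(events),
        "generic_names": find_generic_names(events),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_EVENTS)
    for user, devices in report["shared_use"].items():
        print(f"shared use: {user} from {', '.join(devices)}")
    for name in report["generic_names"]:
        print(f"generic name: {name}")
```

On the sample, `frontdesk` is flagged for being used from two lobby workstations within the hour (the failed attempt from `WS-HR-01` does not count), `svc-backup` is flagged as one service identity signing in from three servers, while `asmith` moving from a laptop to a lab workstation six hours later is not. Real IdP logs usually carry a device ID from enrollment rather than a hostname; use that field, since hostnames are neither unique nor attested.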