User and account IDs aren't reassigned for a defined period.
What it actually means
When someone leaves, their username/identifier shouldn't be handed to a new person right away — reuse muddies your audit trail. Define a non-reuse period and let your identity provider enforce it.
Pass or fail — an assessor needs a "yes" to each
- A defined identifier non-reuse period exists.
- Identifiers aren't reassigned within that period.
What to have ready
- Policy stating the non-reuse period
- Identity-provider lifecycle settings
Where teams trip up
- Immediately reusing a departed employee's username
- No defined period at all
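One way to check both pass/fail conditions against an export of account lifecycle records, as an added example that is not part of the original page or any identity provider's own tooling. The record layout, the sample data, and the function name `find_early_reuse` are assumptions made for illustration; adapt the fields to whatever your identity provider exports.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample of an identity-provider lifecycle export (not real data).
# Fields: identifier, person_id, assigned_on, released_on (None = still active).
SAMPLE_ASSIGNMENTS = [
    ("jsmith", "emp-1001", date(2021, 3, 1), date(2024, 1, 15)),
    ("JSmith", "emp-2044", date(2024, 2, 1), None),    # reused after 17 days
    ("mlee", "emp-1002", date(2020, 6, 1), date(2022, 6, 30)),
    ("mlee", "emp-1002", date(2022, 9, 1), None),      # same person rehired
    ("akhan", "emp-1003", date(2019, 1, 7), date(2021, 1, 8)),
    ("akhan", "emp-2101", date(2024, 5, 1), None),     # reused after 3+ years
]


def find_early_reuse(assignments, non_reuse_days):
    """Return (identifier, previous_person, new_person, gap_days) for every
    identifier handed to a different person inside the non-reuse period."""
    if non_reuse_days is None or non_reuse_days <= 0:
        # "No defined period at all" is itself a failing condition.
        raise ValueError("no non-reuse period defined")
    period = timedelta(days=non_reuse_days)

    by_id = defaultdict(list)
    for ident, person, assigned, released in assignments:
        # Assumption: identifiers are compared case-insensitively.
        by_id[ident.casefold()].append((assigned, released, person))

    findings = []
    for ident, rows in sorted(by_id.items()):
        rows.sort(key=lambda r: r[0])
        for (_, released, prev), (assigned, _, new) in zip(rows, rows[1:]):
            if prev == new:
                continue  # Assumption: returning to the same person is not reuse.
            # A previous holder with no release date still owns the identifier.
            gap = assigned - released if released else timedelta(0)
            if gap < period:
                findings.append((ident, prev, new, gap.days))
    return findings


if __name__ == "__main__":
    for finding in find_early_reuse(SAMPLE_ASSIGNMENTS, non_reuse_days=365):
        print("reused inside non-reuse period:", finding)
```

The output of a run like this, kept alongside the policy and the lifecycle settings, gives an assessor direct evidence for the second pass/fail item.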