CMMC Practice Requirement:

Identify information system users, processes acting on behalf of users, or devices.

CMMC Requirement Explanation:

User accounts and systems need to be given unique identifiers The ability to identify a user or system is a critical part of authentication. It also allows you to trace events and incidents to a user or system.

Example CMMC Implementation:

Assign unique & unambiguous usernames to your user accounts. An example is to assign the user name of jdoe to an account belonging to an employee named John Doe. This allows you to identify the account user. Assign unique identifiers to your systems such as workstations and servers. An example is naming a computer using its model & serial number (e.g. Model#_Serial#)


- Scenario 1:

Alice, a system administrator is reviewing user account names in active directory. She notices a few usernames that do not uniquely identify the user of the account. One example is an account named "EpicDeveloper85". The account name does not indicate the person using the account. After further investigation and Alice discovers the person behind the account and renames it to reflect their first and last name.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance