CMMC Practice Requirement:

Prevent the reuse of identifiers for a defined period.

CMMC Requirement Explanation:

Typically, individual identifiers are the user names of accounts assigned to those individuals. Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices. If you reuse identifiers soon after they have been decommissioned you may cause confusion. It will be more difficult to determine who or what actually did something because the account or device name will be the same.

Example CMMC Implementation:

Do not reuse usernames on accounts for a defined period of time (e.g., for one year). Do not reuse systems names and other identifiers such as group names.


- Scenario 1:

An employee named John Doe with a user account jdoe has had his employment terminated. Incidentally his replacement is his brother James Doe. Instead of reassigning the account jdoe you create a new account jamesdoe.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance