Identity management processes should ensure:na) one identity per person for accountability;nb) identities shared between users are approved and documented;nc) non-human activities have independent oversight;nd) timely removal of unnecessary identities;ne) no duplicate identities within a domain;nf) documents recording identity events are kept.nChanges to user identities should involve a supplemental process, including re-verifying reliable documents. When using third-party accounts, risks should be treated with appropriate controls.n
Conformance1
Tools for conforming to standards, goals and processes
