03.06.01 - User Identification and Authentication

The ia_l_01 control mandates that every user accessing Controlled Unclassified Information must be uniquely identified and authenticated before gaining system access, using mechanisms such as passwords, tokens, or multi-factor solutions, and that account creation, modification, disabling, and termination are properly managed to prevent unauthorized use.