Does your organization verify individuals' identities during enrollment using government-issued credentials?
Explanation
This question assesses identity proofing at enrollment: whether you verify users' true identities during account creation using government-issued credentials such as passports or driver's licenses. This verification process helps prevent identity fraud and account takeovers, and ensures that only legitimate users gain access to your systems and services.
Evidence of compliance could include documented identity verification procedures, screenshots of identity verification prompts in your enrollment workflow, audit logs showing identity verification steps completed, or contracts with third-party identity verification service providers.
Implementation Example
Verify a person's claimed identity at enrollment time using government-issued identity credentials (e.g., passport, visa, driver's license)
ID: PR.AA-02.198
Context
- Function: PR: PROTECT
- Category: PR.AA: Identity Management, Authentication, and Access Control
- Sub-Category: Identities are proofed and bound to credentials based on the context of interactions
Related questions
- Does your organization have a formal process to request, track, review, and fulfill access requests that includes appropriate approval from system or data owners?
- Does your organization have a formal process for managing the lifecycle of cryptographic certificates, keys, identity tokens, and other credentials?
- Does your organization use unique device identifiers based on immutable hardware characteristics or secure provisioning methods?
- Does your organization physically label all authorized hardware assets with unique identifiers for inventory tracking and servicing purposes?
- Does your organization issue unique credentials to each individual user and prohibit credential sharing?
- Has your organization implemented multifactor authentication (MFA) for all user access to systems containing sensitive data?

