CMMC Practice IA.3.085

Prevent the reuse of identifiers for a defined period.


CMMC Version 1.02, pg. 140

Bold Coast Security Guidance

Assigning unique credentials, and then not re-using them, provides consistent results and prevents confusion when auditing resources and reviewing audit logs. This may not apply or be practical when replacing failed and/or end of life hardware when reusing a server name is desirable for user continuity and system availability. Note the exception in your policy.

Discussion From Source

DRAFT NIST SP 800-171 R2 Identifiers are provided for users, processes acting on behalf of users, or devices ( IA.1.076). Preventing reuse of identifiers implies preventing the assignment of previously used individual, group, role, or device identifiers to different individuals, groups, roles, or devices.