Identification and Authentication Policy for 18F
The 18F Identification and Authentication Policy section 3 Identifier Management states: Identifier Management: 18F manages information system identifiers for users and devices by:
- Receiving authorization from a designated organizational official to assign a user or device identifier.
- Selecting an identifier that uniquely identifies an individual or device.
- Assigning the user identifier to the intended party or the device identifier to the intended device.
- Preventing reuse of user or device identifiers for one (1).
- Disabling the user identifier after ninety (90) days of inactivity for general user accounts and thirty (30) days for administrator level accounts.