# Identify Users and Authenticate Access to System Components

<table><thead><tr><th width="88.33333333333331"></th><th width="409"></th><th></th></tr></thead><tbody><tr><td>1</td><td>Processes and mechanisms for identifying users and authenticating access to system components are defined and understood.</td><td></td></tr><tr><td>2</td><td>User identification and related accounts for users and administrators are strictly managed throughout an account’s lifecycle.</td><td></td></tr><tr><td>3</td><td>Strong authentication for users and administrators is established and managed.</td><td></td></tr><tr><td>4</td><td>Multi-factor authentication (MFA) is implemented to secure access into the scope</td><td></td></tr><tr><td>5</td><td>Multi-factor authentication (MFA) systems are configured to prevent misuse.</td><td></td></tr><tr><td>6</td><td>Use of application and system accounts and associated authentication factors is strictly managed.</td><td></td></tr></tbody></table>