No formal authorization for non-public user creation
The public users are those used for general public identification, but without representing any rights over the system critical functions. For a user to have a right level above the general public, it is necessary that there is an authorization process for this user.
The development and assignment of rights to users are critical administrative tasks for system security, for the creation of fictitious users can invalidate the mechanisms that ensure the traceability and authenticity.
The main point is to ensure that the user being created is effectively the user receiving the password. The authenticity of the user creation process is critical because, as the user is ""born"" at that time for the system, there is no way the system can ensure by itself, the authenticity of the same.
This control can only be implemented by external procedures, since the system cannot authenticate the user before its authentication factors are created.
It shall be implemented through the following mechanisms:
- limitation of the rights to "create users" at the lowest possible number of active users of the system;
- Full audit trail creation for the functions to "create users", "assign rights" and "choose password";
- Function segregation, requiring the approval by other administrative user, of the user creation;
- Requirement of confirmation by other systems or by an external process, at the time of the creation of users, for example, of the validity of the SSN or ID number;
- Requirement of some kind of physical identity registration (identity, drivers license, passport, etc.) at the time of user creation, to choice of password and assignment of its rights.