Compliance Objectives TechIDManager Covers

The 11 objectives in bold are the ones that specifically set TechIDManager apart, as a privileged account management tool, from the tools MSPs commonly use to try to meet this need, such as documentation, password vaults and privileged access.

NIST 800-171
3.1.1 Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).
3.1.2 Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
3.1.4 Separate the duties of individuals to reduce the risk of malevolent activity without collusion.
3.1.5 Employ the principle of least privilege, including for specific security functions and privileged accounts.
3.3.2 Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.
3.5.1 Identify information system users, processes acting on behalf of users, or devices.
3.5.7 Enforce a minimum password complexity and change of characters when new passwords are created.
3.5.10 Store and transmit only encrypted representation of passwords.

NIST 800-66
5.3.1.3 Ensure that all system users have been assigned a unique identifier

CIS Control
5.2 Use unique passwords
5.4 Restrict administrator privileges to dedicated administrator accounts
5.6 Centralized account management
6.1 Establish an access granting process
6.2 Establish an access revoking process
6.5 Require MFA for administrative access
6.8 Define and maintain role based access control

CMMC
AC.1.001 Authorized Access Control: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
AC.1.002 Transaction & Function Control: Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
AC.2.007 Least Privilege: Employ the principle of least privilege, including for specific security functions and privileged accounts.

PCI
8.1.1 Define and implement policies and procedures to provide accurate user identity management for non-consumer users and administrators in all system components.
8.1.3 Immediately revoke access for terminated users.
8.1.4 Remove or disable inactive user accounts within 90 days.
8.1.5 Manage the IDs used by third parties to access, support, or protect system components remotely.
8.2.3 Passwords must be at least seven characters and contain numeric and alphabetic characters.
8.2.4 Change user passwords at least every 90 days.
8.2.5 Do not allow a new password to be created that is the same as any of the last four passwords used.
8.5 Do not use group, shared, or public IDs, passwords, or other authentication methods.
8.5.1 Additional requirement for service providers only: service providers with remote access to customer premises should use unique authentication information for each customer.
8.6 Authentication mechanisms must not be shared among multiple accounts and physical and/or logical controls must be in place to ensure only the intended account can use that mechanism to gain access.

HIPAA
164.312(a)(2)(i) Unique user identifier