This control requires your organization to ensure that every user is uniquely identified and authenticated before being granted access to systems that store, process, or transmit Controlled Unclassified Information (CUI). This applies to both human users and system/service accounts and emphasizes accountability and traceability.