>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IA.L2-3.5.11Obscure Feedback

Level 2
800-171: 3.5.11

>Control Description

Obscure feedback of authentication information.

>Cross-Framework Mappings

NIST SP 800-171

3.5.11
Compare

SCF

IAC-11
Compare

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is your policy for obscuring authentication feedback during logon?
  • How do you ensure authentication information is not displayed during entry?
  • What standards guide your implementation of authentication feedback obscuration?

Technical Implementation:

  • What mechanisms hide password entry (asterisks, dots)?
  • How do you ensure all systems obscure authentication feedback?
  • What technical controls prevent shoulder-surfing of credentials?
  • How do web applications obscure password input fields?
  • What settings ensure authentication masking is enabled?

Evidence & Documentation:

  • What authentication policy documentation can you provide?
  • What password policy settings and configurations can you show?
  • What MFA enrollment and usage reports demonstrate compliance?
  • What account management documentation shows account lifecycle?
  • What authentication logs demonstrate enforcement?
  • What screenshots show authentication configurations?

Ask AI

Configure your API key to use AI features.