IA.L2-3.5.9—Temporary Passwords
Level 2
800-171: 3.5.9
Control Description
Allow temporary password use for system logons with an immediate change to a permanent password.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your policy and process for issuing temporary passwords?
- How do you ensure temporary passwords are changed immediately upon first use?
- What is your procedure for securely communicating temporary passwords to users?
- Who is authorized to issue temporary passwords?
Technical Implementation:
- What mechanisms generate temporary passwords?
- How do you enforce immediate password change on first logon?
- What systems flag temporary passwords for mandatory change?
- How are temporary passwords securely transmitted to users?
- What technical controls ensure temporary passwords expire if not used?
Evidence & Documentation:
- What authentication policy documentation can you provide?
- What password policy settings and configurations can you show?
- What MFA enrollment and usage reports demonstrate compliance?
- What account management documentation shows account lifecycle?
- What authentication logs demonstrate enforcement?
- What screenshots show authentication configurations?