>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IA-5(1)Authenticator Management

PBMM (P1)
Secret (P1)
Technical

>Control Description

AUTHENTICATOR MANAGEMENT | PASSWORD-BASED AUTHENTICATION (a) The information system, for password-based authentication, enforces minimum password complexity of organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers, and special characters, including minimum requirements for each type; (b) The information system, for password-based authentication, enforces at least the following number of changed characters when new passwords are created: organization-defined number; (c) The information system, for password-based authentication, stores and transmits only cryptographically-protected passwords; (d) The information system, for password-based authentication, enforces password minimum and maximum lifetime restrictions of organization-defined numbers for lifetime minimum, lifetime maximum; (e) The information system, for password-based authentication prohibits password reuse for organization-defined number generations; and (f) The information system, for password-based authentication allows the use of a temporary password for system logons with an immediate change to a permanent password.

>Supplemental Guidance

This control enhancement applies to single-factor authentication of individuals using passwords as individual or group authenticators, and in a similar manner, when passwords are part of multifactor authenticators. This control enhancement does not apply when passwords are used to unlock hardware authenticators (e.g., Personal Identity Verification cards). The implementation of such password mechanisms may not meet all of the requirements in the enhancement.

Cryptographically-protected passwords include, for example, encrypted versions of passwords and one-way cryptographic hashes of passwords. The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. Password lifetime restrictions do not apply to temporary passwords.

To mitigate certain brute force attacks against passwords, organizations may also consider salting passwords. Related control: IA-6.

>Profile-Specific Parameters

(1) [case sensitive, 8 character, at least one upper case, lower case, number, and special character]

Ask AI

Configure your API key to use AI features.