3.5 — Identification and Authentication
33 requirements in the Identification and Authentication family
3.5.1Identify System Users Assessment
3.5.1[a]Identify System Users Assessment [a]
3.5.1[b]Identify System Users Assessment [b]
3.5.1[c]Identify System Users Assessment [c]
3.5.2Authenticate Users, Processes, and Devices Assessment
3.5.2[a]Authenticate Users, Processes, and Devices Assessment [a]
3.5.2[b]Authenticate Users, Processes, and Devices Assessment [b]
3.5.2[c]Authenticate Users, Processes, and Devices Assessment [c]
3.5.3Multifactor Authentication Assessment
3.5.3[a]Multifactor Authentication Assessment [a]
3.5.3[b]Multifactor Authentication Assessment [b]
3.5.3[c]Multifactor Authentication Assessment [c]
3.5.3[d]Multifactor Authentication Assessment [d]
3.5.4Replay-Resistant Authentication Assessment
3.5.5Identifier Reuse Assessment
3.5.5[a]Identifier Reuse Assessment [a]
3.5.5[b]Identifier Reuse Assessment [b]
3.5.6Identifier Handling Assessment
3.5.6[a]Identifier Handling Assessment [a]
3.5.6[b]Identifier Handling Assessment [b]
3.5.7Password Complexity Assessment
3.5.7[a]Password Complexity Assessment [a]
3.5.7[b]Password Complexity Assessment [b]
3.5.7[c]Password Complexity Assessment [c]
3.5.7[d]Password Complexity Assessment [d]
3.5.8Password Reuse Assessment
3.5.8[a]Password Reuse Assessment [a]
3.5.8[b]Password Reuse Assessment [b]
3.5.9Temporary Passwords Assessment
3.5.10Cryptographic Key Protection Assessment
3.5.10[a]Cryptographic Key Protection Assessment [a]
3.5.10[b]Cryptographic Key Protection Assessment [b]
3.5.11Obscure Authentication Feedback Assessment