Automated Support for Password Strength Determination IA-5(4)

Overview:
The organization employs automated tools to determine if password authenticators are sufficiently strong to satisfy [Assignment: organization-defined requirements].

Supplemental Guidance:
This control enhancement focuses on the creation of strong passwords and the characteristics of such passwords (e.g., complexity) prior to use, the enforcement of which is carried out by organizational information systems in IA-5 (1).

Related controls: CA-2, CA-7, RA-5.

Action Items:
1) Implement mechanisms to ensure chose passwords are sufficiently strong

Related Documents:
1) Identity and Access Management Policy

Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none

Moderate Additional FedRAMP Requirements and Guidance
IA-5 (4) Guidance: If automated mechanisms which enforce password authenticator strength at creation are not used, automated mechanisms must be used to audit strength of created password authenticators.