Overview: Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts. Action Items: 3.5.4[a] Determine if: replay-resistant authentication mechanisms are implemented for network account access to...
Identification and Authentication
Overview: Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. Action Items: 3.5.2[a] Determine if: the identity of each user is authenticated or...
Overview: Obscure feedback of authentication information. Action Items: 3.5.11[a] Determine if: authentication information is obscured during the authentication process. POTENTIAL ASSESSMENT METHODS AND OBJECTS 1 Examine: Identification and...
Overview: Disable identifiers after a defined period of inactivity. Action Items: 3.5.6[a] Determine if: a period of inactivity after which an identifier is disabled is defined. 3.5.6[b] Determine if: identifiers are disabled after the defined period of...
Overview: Identify information system users, processes acting on behalf of users, or devices. Action Items: 3.5.1[a] Determine if: system users are identified. 3.5.1[b] Determine if: processes acting on behalf of users are identified. 3.5.1[c] Determine...
Overview: Prevent reuse of identifiers for a defined period. Action Items: 3.5.5[a] Determine if: a period within which identifiers cannot be reused is defined. 3.5.5[b] Determine if: reuse of identifiers is prevented within the defined period. POTENTIAL...
Overview: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts. Action Items: 3.5.3[a] Determine if: privileged accounts are identified. 3.5.3[b] Determine if: multifactor...
Overview: Enforce a minimum password complexity and change of characters when new passwords are created. Action Items: 3.5.7[a] Determine if: password complexity requirements are defined. 3.5.7[b] Determine if: password change of character requirements...
Overview: Prohibit password reuse for a specified number of generations. Action Items: 3.5.8[a] Determine if: the number of generations during which a password cannot be reused is specified. 3.5.8[b] Determine if: reuse of passwords is prohibited during...
Overview: Store and transmit only encrypted representation of passwords. Action Items: 3.5.10[a] Determine if: passwords are cryptographically protected in storage. 3.5.10[b] Determine if: passwords are cryptographically protected in transit. POTENTIAL...