Identification and Authentication

3.5.1

Identify system users, processes acting on behalf of users, and devices.

IA.L1-3.5.1 · 3 objectives

L1

›

3.5.10

Store and transmit only cryptographically-protected passwords.

IA.L2-3.5.10 · 2 objectives

L2

›

3.5.11

Obscure feedback of authentication information.

IA.L2-3.5.11 · 1 objective

L2

›

3.5.2

Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to...

IA.L1-3.5.2 · 3 objectives

L1

›

3.5.3

Use multifactor authentication for local and network access to privileged accounts and for network...

IA.L2-3.5.3 · 4 objectives

L2

›

3.5.4

Employ replay-resistant authentication mechanisms for network access to privileged and...

IA.L2-3.5.4 · 1 objective

L2

›

3.5.5

Prevent reuse of identifiers for a defined period.

IA.L2-3.5.5 · 2 objectives

L2

›

3.5.6

Disable identifiers after a defined period of inactivity.

IA.L2-3.5.6 · 2 objectives

L2

›

3.5.7

Enforce a minimum password complexity and change of characters when new passwords are created.

IA.L2-3.5.7 · 4 objectives

L2

›

3.5.8

Prohibit password reuse for a specified number of generations.

IA.L2-3.5.8 · 2 objectives

L2

›

3.5.9

Allow temporary password use for system logons with an immediate change to a permanent password

IA.L2-3.5.9 · 1 objective

L2

›