Back

Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete.


CONTROL ID
06555
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain configuration control and Configuration Status Accounting., CC ID: 00863

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Does the password policy for systems that transmit scoped systems and data include a policy to not include passwords in automated logon processes? (stored in a macro or function key)? (§ H.4.1.6, Shared Assessments Standardized Information Gathering Questionnaire - H. Access Control, 7.0)
  • Does the password policy for systems that process scoped systems and data include a policy to not include passwords in automated logon processes? (stored in a macro or function key)? (§ H.4.1.6, Shared Assessments Standardized Information Gathering Questionnaire - H. Access Control, 7.0)
  • Does the password policy for systems that store scoped systems and data include a policy to not include passwords in automated logon processes? (stored in a macro or function key)? (§ H.4.1.6, Shared Assessments Standardized Information Gathering Questionnaire - H. Access Control, 7.0)
  • For Oracle, the organization must verify that the configuration files do not contain passwords after the installation is completed whenever silent installs are used. (Table F-9, CMS Business Partners Systems Security Manual, Rev. 10)