
Establish, implement, and maintain authenticators.


CONTROL ID
15305
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain an authenticator standard., CC ID: 01702
  • Protect authenticators or authentication factors from unauthorized modification and disclosure., CC ID: 15317
  • Obscure authentication information during the login process., CC ID: 15316
  • Change authenticators, as necessary., CC ID: 15315
  • Implement safeguards to protect authenticators from unauthorized access., CC ID: 15310
  • Change all default authenticators., CC ID: 15309


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Ensure credentials unused for 45 days or greater are disabled Description: AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused in 45 or greater days be deactivated or removed. Rati… (1.12, CIS Amazon Web Services Foundations Benchmark, v1.4.0, Level 1)
  • Ensure credentials unused for 45 days or greater are disabled Description: AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused in 45 or greater days be deactivated or removed. Rati… (1.12, CIS Amazon Web Services Foundations Benchmark, v1.4.0, Level 2)
  • initialize authenticator content; (5.7.1 ¶ 1(h), IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • support the use of initial authenticator content; (5.7.1 ¶ 1 a), IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • If passwords/passphrases are used as the only authentication factor for user access, inspect system configuration settings to verify that passwords/passphrases are managed in accordance with ONE of the elements specified in this requirement. (8.3.9, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Additional testing procedure for service provider assessments only: If passwords/passphrases are used as the only authentication factor for customer user access, inspect system configuration settings to verify that passwords/passphrases are managed in accordance with ONE of the elements specified in… (8.3.10.1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine user account lists on system components and applicable documentation to verify that shared authentication credentials are only used when necessary, on an exception basis, and are managed in accordance with all elements specified in this requirement. (8.2.2.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
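The CIS AWS Foundations Benchmark item cited above (1.12, "Ensure credentials unused for 45 days or greater are disabled") is the one entry in this list that describes a concrete check, so here is a worked version of it. This is an added example, not text or code from the benchmark, from Unified Compliance, or from AWS. It parses an IAM credential report (the CSV returned by `aws iam get-credential-report`; the column names used are those of the real report) and flags every enabled console password or active access key whose last use, or, if never used, last change or rotation, is 45 or more days old. The report embedded below is constructed sample data for a fictitious account, and the function and variable names are this example's own.

```python
"""
Flag AWS IAM credentials (console passwords and access keys) unused for
THRESHOLD_DAYS or more, following the audit logic of CIS AWS Foundations
Benchmark 1.12 (v1.4.0): for an enabled password, look at password_last_used
and fall back to password_last_changed when the report says no_information;
for an active access key, look at access_key_N_last_used_date and fall back
to access_key_N_last_rotated when it is N/A. The root account row is skipped
because its password cannot be disabled and it is covered by other items.
"""
import csv
import io
from datetime import datetime, timedelta

THRESHOLD_DAYS = 45

# CONSTRUCTED sample credential report (a subset of the real report's columns,
# with the real column names). Account ID and users are fictitious.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T12:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-03-10T09:00:00+00:00,true,2024-05-20T08:00:00+00:00,2024-01-10T09:00:00+00:00,N/A,true,true,2024-01-10T09:00:00+00:00,2024-05-28T10:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-03-10T09:00:00+00:00,true,2024-02-01T08:00:00+00:00,2023-11-01T09:00:00+00:00,N/A,false,true,2023-11-01T09:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
carol,arn:aws:iam::123456789012:user/carol,2024-05-25T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2024-05-25T09:00:00+00:00,N/A,N/A,N/A,true,2022-05-25T09:00:00+00:00,2024-01-15T10:00:00+00:00,eu-west-1,ec2
"""


def _parse_ts(value):
    """Return an aware datetime, or None for the report's non-date markers."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def stale_credentials(report_csv, now_iso, threshold_days=THRESHOLD_DAYS):
    """Return (user, credential, reason) tuples for every enabled credential
    whose last use (or last change/rotation, if never used) is at least
    threshold_days before now_iso (an ISO 8601 timestamp with offset)."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=threshold_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue
        # Console password: enabled, and last login (or last change when the
        # report has no login information) on or before the cutoff.
        if row["password_enabled"] == "true":
            used = _parse_ts(row["password_last_used"])
            if used is None:
                used = _parse_ts(row["password_last_changed"])
                reason = f"never used, changed {used.date()}"
            else:
                reason = f"last used {used.date()}"
            if used <= cutoff:
                findings.append((row["user"], "password", reason))
        # Access keys 1 and 2: active, and last used (or last rotated when
        # never used) on or before the cutoff.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            used = _parse_ts(row[f"access_key_{n}_last_used_date"])
            if used is None:
                used = _parse_ts(row[f"access_key_{n}_last_rotated"])
                reason = f"never used, rotated {used.date()}"
            else:
                reason = f"last used {used.date()}"
            if used <= cutoff:
                findings.append((row["user"], f"access_key_{n}", reason))
    return findings


if __name__ == "__main__":
    # Evaluate the constructed report as of a fixed date so the run is repeatable.
    for user, cred, why in stale_credentials(SAMPLE_REPORT, "2024-06-01T00:00:00+00:00"):
        print(f"{user}: {cred} ({why}) -> disable or delete")
```

On a real account the report is produced with `aws iam generate-credential-report` and then fetched with `aws iam get-credential-report --query Content --output text | base64 -d`; feed that text to `stale_credentials` with the current time. Two caveats a reviewer would raise: the report is regenerated at most once every few hours, so audit against a fresh one, and a key that is "never used" but recently rotated is not stale yet, which is why the fallback compares against the rotation or change date rather than treating every never-used credential as a finding.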