💼 IA-5 AUTHENTICATOR MANAGEMENT

Description

The organization manages information system authenticators by:

  • IA-5a. Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator;
  • IA-5b. Establishing initial authenticator content for authenticators defined by the organization;
  • IA-5c. Ensuring that authenticators have sufficient strength of mechanism for their intended use;
  • IA-5d. Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators;
  • IA-5e. Changing default content of authenticators prior to information system installation;
  • IA-5f. Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators;
  • IA-5g. Changing/refreshing authenticators [Assignment: organization-defined time period by authenticator type];
  • IA-5h. Protecting authenticator content from unauthorized disclosure and modification;
  • IA-5i. Requiring individuals to take, and having devices implement, specific security safeguards to protect authenticators; and
  • IA-5j. Changing authenticators for group/role accounts when membership to those accounts changes.

Similar

  • Internal
    • ID: dec-c-3876a2ac

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes 1930
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions 413
💼 NIST CSF v1.1 → 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks) 1923

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 IA-5 (1) PASSWORD-BASED AUTHENTICATION
💼 IA-5 (2) PKI-BASED AUTHENTICATION
💼 IA-5 (3) IN-PERSON OR TRUSTED THIRD-PARTY REGISTRATION
💼 IA-5 (4) AUTOMATED SUPPORT FOR PASSWORD STRENGTH DETERMINATION
💼 IA-5 (5) CHANGE AUTHENTICATORS PRIOR TO DELIVERY
💼 IA-5 (6) PROTECTION OF AUTHENTICATORS
💼 IA-5 (7) NO EMBEDDED UNENCRYPTED STATIC AUTHENTICATORS
💼 IA-5 (8) MULTIPLE INFORMATION SYSTEM ACCOUNTS
💼 IA-5 (9) CROSS-ORGANIZATION CREDENTIAL MANAGEMENT
💼 IA-5 (10) DYNAMIC CREDENTIAL ASSOCIATION
💼 IA-5 (11) HARDWARE TOKEN-BASED AUTHENTICATION
💼 IA-5 (12) BIOMETRIC-BASED AUTHENTICATION
💼 IA-5 (13) EXPIRATION OF CACHED AUTHENTICATORS 11
💼 IA-5 (14) MANAGING CONTENT OF PKI TRUST STORES
💼 IA-5 (15) FICAM-APPROVED PRODUCTS AND SERVICES

Policies (2)

Policy | Logic Count | Flags
📝 AWS Account IAM Password Policy Number of passwords to remember is not set to 24 🟢1🟢 x6
📝 AWS IAM User with console and programmatic access set during the initial creation 🟢🟢 x3

Internal Rules

Rule | Policies | Flags
✉️ dec-x-b10e98af | 1
✉️ dec-x-f7c2faac | 1