💼 IA-5 AUTHENTICATOR MANAGEMENT

• ID: /frameworks/nist-sp-800-53-r4/ia/05

Description

The organization manages information system authenticators by: IA-5a. Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator; IA-5b. Establishing initial authenticator content for authenticators defined by the organization; IA-5c. Ensuring that authenticators have sufficient strength of mechanism for their intended use; IA-5d. Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators; IA-5e. Changing default content of authenticators prior to information system installation; IA-5f. Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators; IA-5g. Changing/refreshing authenticators [Assignment: organization-defined time period by authenticator type]; IA-5h. Protecting authenticator content from unauthorized disclosure and modification; IA-5i. Requiring individuals to take, and having devices implement, specific security safeguards to protect authenticators; and IA-5j. Changing authenticators for group/role accounts when membership to those accounts changes.

Similar

• Internal
  • ID: dec-c-3876a2ac

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes		19	34		no data
💼 NIST CSF v1.1 → 💼 PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions		4	13		no data
💼 NIST CSF v1.1 → 💼 PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks)		19	23		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 IA-5 (1) PASSWORD-BASED AUTHENTICATION					no data
💼 IA-5 (2) PKI-BASED AUTHENTICATION					no data
💼 IA-5 (3) IN-PERSON OR TRUSTED THIRD-PARTY REGISTRATION					no data
💼 IA-5 (4) AUTOMATED SUPPORT FOR PASSWORD STRENGTH DETERMINATION					no data
💼 IA-5 (5) CHANGE AUTHENTICATORS PRIOR TO DELIVERY					no data
💼 IA-5 (6) PROTECTION OF AUTHENTICATORS					no data
💼 IA-5 (7) NO EMBEDDED UNENCRYPTED STATIC AUTHENTICATORS					no data
💼 IA-5 (8) MULTIPLE INFORMATION SYSTEM ACCOUNTS					no data
💼 IA-5 (9) CROSS-ORGANIZATION CREDENTIAL MANAGEMENT					no data
💼 IA-5 (10) DYNAMIC CREDENTIAL ASSOCIATION					no data
💼 IA-5 (11) HARDWARE TOKEN-BASED AUTHENTICATION					no data
💼 IA-5 (12) BIOMETRIC-BASED AUTHENTICATION					no data
💼 IA-5 (13) EXPIRATION OF CACHED AUTHENTICATORS		1	1		no data
💼 IA-5 (14) MANAGING CONTENT OF PKI TRUST STORES					no data
💼 IA-5 (15) FICAM-APPROVED PRODUCTS AND SERVICES					no data

Policies (2)

Policy	Logic Count	Flags	Compliance
🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24🟢	1	🟢 x6	no data
🛡️ AWS IAM User with console and programmatic access set during the initial creation🟢⚪		🟢 x2, ⚪ x1	no data

Internal Rules

Rule	Policies	Flags
✉️ dec-x-b10e98af	1
✉️ dec-x-f7c2faac	1