Skip to main content

💼 IA-5(1) Authenticator Management | Password-based Authentication

  • ID: /frameworks/nist-sp-800-53-r5/ia/05/01

Stats

not available

Description

For password-based authentication: (a) Maintain a list of commonly-used, expected, or compromised passwords and update the list [Assignment: organization-defined frequency] and when organizational passwords are suspected to have been compromised directly or indirectly; (b) Verify, when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5(1)(a); (c) Transmit passwords only over cryptographically-protected channels; (d) Store passwords using an approved salted key derivation function, preferably using a keyed hash; (e) Require immediate selection of a new password upon account recovery; (f) Allow user selection of long passwords and passphrases, including spaces and all printable characters; (g) Employ automated tools to assist the user in selecting strong password authenticators; and (h) Enforce the following composition and complexity rules: [Assignment: organization-defined composition and complexity rules].

Similar

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/api-gateway/02
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/03
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/07
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/08
    • /frameworks/aws-fsbp-v1.0.0/cloudfront/10
    • /frameworks/aws-fsbp-v1.0.0/elasticache/05
    • /frameworks/aws-fsbp-v1.0.0/elb/01
    • /frameworks/aws-fsbp-v1.0.0/elb/02
    • /frameworks/aws-fsbp-v1.0.0/elb/03
    • /frameworks/aws-fsbp-v1.0.0/elb/08
    • /frameworks/aws-fsbp-v1.0.0/elb/17
    • /frameworks/aws-fsbp-v1.0.0/es/08
    • /frameworks/aws-fsbp-v1.0.0/iam/07
    • /frameworks/aws-fsbp-v1.0.0/opensearch/08
    • /frameworks/aws-fsbp-v1.0.0/s3/05
  • Internal
    • ID: dec-c-3ce32756

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [APIGateway.2] API Gateway REST API stages should be configured to use SSL certificates for backend authentication"11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.3] CloudFront distributions should require encryption in transit11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.7] CloudFront distributions should use custom SSL/TLS certificates11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [CloudFront.10] CloudFront distributions should not use deprecated SSL protocols between edge locations and custom origins11no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElastiCache.5] ElastiCache replication groups should be encrypted in transit1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.2] Classic Load Balancers with SSL/HTTPS listeners should use a certificate provided by AWS Certificate Managerno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.3] Classic Load Balancer listeners should be configured with HTTPS or TLS terminationno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.8] Classic Load Balancers with SSL listeners should use a predefined security policy that has strong AWS Configurationno data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ELB.17] Application and Network Load Balancers with listeners should use recommended security policies1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ES.8] Connections to Elasticsearch domains should be encrypted using the latest TLS security policy1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [IAM.7] Password policies for IAM users should have strong configurations13no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [Opensearch.8] Connections to OpenSearch domains should be encrypted using the latest TLS security policy1no data
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [S3.5] S3 general purpose buckets should require requests to use SSL11no data

Similar Sections (Give Policies To)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 FedRAMP High Security Controls → 💼 IA-5(1) Password-based Authentication (L)(M)(H)113no data
💼 FedRAMP Low Security Controls → 💼 IA-5(1) Password-based Authentication (L)(M)(H)13no data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (13)

PolicyLogic CountFlagsCompliance
🛡️ AWS Account does not have an IAM Password Policy🟢1🟢 x6no data
🛡️ AWS Account IAM Password Policy minimum password length is 14 characters or less🟢1🟢 x6no data
🛡️ AWS Account IAM Password Policy Number of passwords to remember is not set to 24🟢1🟢 x6no data
🛡️ AWS API Gateway REST API Stage is not configured to use an SSL certificate for authentication🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution Cache Behaviors allow unencrypted traffic🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses default SSL/TLS certificate🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses Dedicated IP for SSL🟢1🟢 x6no data
🛡️ AWS CloudFront Web Distribution uses outdated SSL protocols with Custom Origins🟢1🟢 x6no data
🛡️ AWS ElastiCache Replication Group is not encrypted in-transit🟢1🟢 x6no data
🛡️ AWS ELB Application Load Balancer is not configured to redirect HTTP to HTTPS🟢1🟢 x6no data
🛡️ AWS ELB Load Balancer listener is configured with an outdated security policy🟢1🟢 x6no data
🛡️ AWS OpenSearch Domain is not encrypted with the latest TLS policy🟢1🟢 x6no data
🛡️ AWS S3 Bucket Policy is not set to deny HTTP requests🟢1🟢 x6no data