IAM-13: Password Authentication

>Control Description

User and device authentication to privileged information systems is protected by passwords that meet Organization's password complexity requirements.

Theme

Technology

Type

Preventive

Policy/Standard

Access Management Procedure

>Implementation Guidance

1. Ensure that user and device authentication to privileged information systems is protected by passwords that meet Organization's password complexity requirements.

>Testing Procedure

1. Inspect Organization's Authentication Standard to determine whether the policies contain requirements for the creation, allocation, change, distribution, and safeguarding of passwords. 2. Inspect the accessmanagement tool setting to determine password complexity, consecutive re-use, and change frequency requirements of passwords is in accordance with organization password complexity requirements.

>Audit Artifacts

E-IAM-16

E-IAM-18

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

IAM-13—Password Authentication

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

ISO 27002:2022
2

FedRAMP Rev 5
2

PCI DSS
3

HIPAA Security Rule
2

SOC 2
1

Cyber Essentials
2

BSI C5
5

TX-RAMP
2

Ask AI

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

ISO 27002:20222

FedRAMP Rev 52

PCI DSS3

HIPAA Security Rule2

SOC 21

Cyber Essentials2

BSI C55

TX-RAMP2

Ask AI

ISO 27002:2022
2

FedRAMP Rev 5
2

PCI DSS
3

HIPAA Security Rule
2

SOC 2
1

Cyber Essentials
2

BSI C5
5

TX-RAMP
2