500.7(c)(2)
Control Description
an automated method of blocking commonly used passwords for all accounts on information systems owned or controlled by the class A company and wherever feasible for all other accounts. To the extent the class A company determines that blocking commonly used passwords is infeasible, the covered entity’s CISO may instead approve in writing at least annually the infeasibility and the use of reasonably equivalent or more secure compensating controls.
Cross-Framework Mappings