800-53|IA-5(1)

Title

PASSWORD-BASED AUTHENTICATION

Description

The information system, for password-based authentication:

Supplemental

This control enhancement applies to single-factor authentication of individuals using passwords as individual or group authenticators, and in a similar manner, when passwords are part of multifactor authenticators. This control enhancement does not apply when passwords are used to unlock hardware authenticators (e.g., Personal Identity Verification cards). The implementation of such password mechanisms may not meet all of the requirements in the enhancement. Cryptographically-protected passwords include, for example, encrypted versions of passwords and one-way cryptographic hashes of passwords. The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. Password lifetime restrictions do not apply to temporary passwords. To mitigate certain brute force attacks against passwords, organizations may also consider salting passwords.

Reference Item Details

Related: IA-6

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1 - Strong Password policy should be implemented - Minimum Lowercase Characters | Windows | TNS Oracle WebLogic Server 10 Windows Best Practices
1.1 - Strong Password policy should be implemented - Minimum Lowercase Characters | Unix | TNS Oracle WebLogic Server 10 Linux Best Practices
1.1 - Strong Password policy should be implemented - Minimum Numeric Characters | Unix | TNS Oracle WebLogic Server 10 Linux Best Practices
1.1 - Strong Password policy should be implemented - Minimum Numeric Characters | Windows | TNS Oracle WebLogic Server 10 Windows Best Practices
1.1 - Strong Password policy should be implemented - Minimum Numeric or Special Characters | Unix | TNS Oracle WebLogic Server 10 Linux Best Practices
1.1 - Strong Password policy should be implemented - Minimum Password Length | Windows | TNS Oracle WebLogic Server 10 Windows Best Practices
1.1 - Strong Password policy should be implemented - Minimum Password Length | Unix | TNS Oracle WebLogic Server 10 Linux Best Practices
1.1 - Strong Password policy should be implemented - Minimum Special Characters | Windows | TNS Oracle WebLogic Server 10 Windows Best Practices
1.1 - Strong Password policy should be implemented - Minimum Uppercase Characters | Windows | TNS Oracle WebLogic Server 10 Windows Best Practices
1.1 - Strong Password policy should be implemented - Minimum Uppercase Characters | Unix | TNS Oracle WebLogic Server 10 Linux Best Practices
1.1 - Strong Password policy should be implemented - Non-Alphanumeric Characters | Windows | TNS Oracle WebLogic Server 10 Windows Best Practices
1.1 - Strong Password policy should be implemented - Non-Alphanumeric Characters | Unix | TNS Oracle WebLogic Server 10 Linux Best Practices
1.1 Ensure Minimum Password Length is set to 14 or higher | CheckPoint | CIS Check Point Firewall L1 v1.1.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Windows Server 2012 MS L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Windows Server 2012 DC L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Windows Server 2012 R2 DC L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Windows Server 2012 R2 MS L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 11 Enterprise v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)' | Windows | CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS