800-53|IA-6

Title

AUTHENTICATOR FEEDBACK

Description

The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Supplemental

The feedback from information systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of information systems or system components, for example, desktops/notebooks with relatively large monitors, the threat (often referred to as shoulder surfing) may be significant. For other types of systems or components, for example, mobile devices with 2-4 inch screens, this threat may be less significant, and may need to be balanced against the increased likelihood of typographic input errors due to the small keyboards. Therefore, the means for obscuring the authenticator feedback is selected accordingly. Obscuring the feedback of authentication information includes, for example, displaying asterisks when users type passwords into input devices, or displaying feedback for a very limited time before fully obscuring it.

Reference Item Details

Related: PE-18

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.3.6.12 Configure 'Interactive logon: Display user information when the session is locked' | Windows | CIS Windows 8 L1 v1.0.0
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS CentOS Linux 7 v4.0.0 L1 Server
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS CentOS Linux 7 v4.0.0 L1 Workstation
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Debian Linux 12 v1.1.0 L1 Workstation
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 7 v4.0.0 L1 Server
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Debian Linux 12 v1.1.0 L1 Server
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 7 v4.0.0 L1 Workstation
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server
1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 8 Server L1 v3.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 9 v2.0.0 L1 Server
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 8 Workstation L1 v3.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 9 v2.0.0 L1 Server
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 9 v2.0.0 L1 Workstation
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat EL8 Workstation L1 v3.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 9 v2.0.0 L1 Workstation
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 8 Server L1 v2.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 8 Workstation L1 v2.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 8 Workstation L1 v3.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat EL8 Server L1 v3.0.0
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 9 v2.0.0 L1 Server
1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 8 Server L1 v3.0.0
5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.9 L1 v1.3.0
5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.15 Do not enter a password-related hint | Unix | CIS Apple macOS 10.13 L1 v1.1.0
5.16 Do not enter a password-related hint | Unix | CIS Apple macOS 10.12 L1 v1.2.0
6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
6.1.2 Disable 'Show password hints' - Show password hints | Unix | CIS Apple macOS 10.13 L1 v1.1.0
6.1.2 Disable 'Show password hints' - Show password hints | Unix | CIS Apple macOS 10.12 L1 v1.2.0
6.1.2 Disable "Show password hints" | Unix | CIS Apple OSX 10.9 L1 v1.3.0
APPL-14-003012 - The macOS system must disable password hints. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-14-003014 - The macOS system must remove password hints from user accounts. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r1
APPL-15-003012 - The macOS system must disable password hints. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1
APPL-15-003014 - The macOS system must remove password hints from user accounts. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low