800-53|IA-6

Title

AUTHENTICATOR FEEDBACK

Description

The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Supplemental

The feedback from information systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of information systems or system components, for example, desktops/notebooks with relatively large monitors, the threat (often referred to as shoulder surfing) may be significant. For other types of systems or components, for example, mobile devices with 2-4 inch screens, this threat may be less significant, and may need to be balanced against the increased likelihood of typographic input errors due to the small keyboards. Therefore, the means for obscuring the authenticator feedback is selected accordingly. Obscuring the feedback of authentication information includes, for example, displaying asterisks when users type passwords into input devices, or displaying feedback for a very limited time before fully obscuring it.

Reference Item Details

Related: PE-18

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P2

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.3.6.12 Configure 'Interactive logon: Display user information when the session is locked' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.9 Do not enter a password-related hint | Unix | CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0 |
| 1.4.2.4 Disable 'Show password hints' | Unix | CIS Apple OSX 10.6 Snow Leopard L1 v1.0.0 |
| 1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS CentOS Linux 7 v4.0.0 L1 Server |
| 1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS CentOS Linux 7 v4.0.0 L1 Workstation |
| 1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation |
| 1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server |
| 1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 7 v4.0.0 L1 Server |
| 1.7.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 7 v4.0.0 L1 Workstation |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 9 v2.0.0 L1 Server |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 9 v2.0.0 L1 Server |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 9 v2.0.0 L1 Workstation |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 8 Server L1 v3.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 8 Workstation L1 v3.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat EL8 Workstation L1 v3.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 9 v2.0.0 L1 Workstation |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 8 Server L1 v2.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 8 Workstation L1 v2.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Rocky Linux 9 v2.0.0 L1 Server |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Oracle Linux 8 Server L1 v3.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS Red Hat EL8 Server L1 v3.0.0 |
| 1.8.3 Ensure GDM disable-user-list option is enabled | Unix | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 |
| 1.8.3 Ensure last logged in user display is disabled - disable user list | Unix | CIS Red Hat EL7 Workstation L1 v3.1.1 |
| 1.8.3 Ensure last logged in user display is disabled - disable user list | Unix | CIS Red Hat EL7 Server L1 v3.1.1 |
| 2.4.2.4 Disable 'Show password hints' | Unix | CIS Apple OSX 10.5 Leopard L1 v1.0.0 |
| 5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 |
| 5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 |
| 5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.9 L1 v1.3.0 |
| 5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.1.0 |
| 5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 |
| 5.15 Do not enter a password-related hint | Unix | CIS Apple macOS 10.14 v1.3.0 L1 |
| 5.15 Do not enter a password-related hint | Unix | CIS Apple macOS 10.15 v1.3.0 L1 |
| 5.15 Do not enter a password-related hint | Unix | CIS Apple macOS 11 v1.1.0 L1 |
| 5.15 Do not enter a password-related hint | Unix | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 |
| 5.15 Do not enter a password-related hint | Unix | CIS Apple macOS 10.13 L1 v1.1.0 |
| 5.16 Do not enter a password-related hint | Unix | CIS Apple macOS 10.12 L1 v1.1.0 |
| 5.16 Do not enter a password-related hint | Unix | CIS Apple macOS 10.12 L1 v1.2.0 |
| 5.19 Do not enter a password-related hint | Unix | CIS Apple macOS 10.13 L1 v1.0.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple macOS 10.13 L1 v1.0.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple macOS 10.12 L1 v1.1.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.9 Mavericks L1 v1.0.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.1.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.0.0 |
| 6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 |
| 6.1.2 Disable 'Show password hints' - Show password hints | Unix | CIS Apple macOS 10.13 L1 v1.1.0 |
| 6.1.2 Disable "Show password hints" | Unix | CIS Apple OSX 10.9 L1 v1.3.0 |