ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

5 IDENTIFICATION AND AUTHENTICATION

Basic Security Requirements:

5.1 Identify information system users, processes acting on behalf of users, or devices.

5.2 Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.

Derived Security Requirements:

5.3 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.

5.4 Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.

5.5 Prevent reuse of identifiers for a defined period.

5.6 Disable identifiers after a defined period of inactivity.

5.7 Enforce a minimum password complexity and change of characters when new passwords are created.

5.8 Prohibit password reuse for a specified number of generations.

5.9 Allow temporary password use for system logons with an immediate change to a permanent password.

5.10 Store and transmit only encrypted representation of passwords.

5.11 Obscure feedback of authentication information.

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056