IAM-12: User ID Credentials

CSF v1.1 References:

PF v1.0 References:

This control is withdrawn in the next version of this control set and incorporated into IAM-02: Strong Password Policy and Procedures.

Control Statement

Internal corporate or customer (tenant) user account credentials shall be restricted as per the following, ensuring appropriate identity, entitlement, and access management and in accordance with established policies and procedures:

  • Identity trust verification and service-to-service application (API) and information processing interoperability (e.g., SSO and Federation)
  • Account credential lifecycle management from instantiation through revocation
  • Account credential and/or identity store minimization or re-use when feasible
  • Adherence to industry acceptable and/or regulatory compliant authentication, authorization, and accounting (AAA) rules (e.g., strong/multi-factor, expirable, non-shared authentication secrets)

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.