IA-5(4): Automated Support For Password Strength Determination

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IA-5(1): Password-based Authentication.

Control Statement

The organization employs automated tools to determine if password authenticators are sufficiently strong to satisfy [Assignment: organization-defined requirements].

Supplemental Guidance

This control enhancement focuses on the creation of strong passwords and the characteristics of such passwords (e.g., complexity) prior to use, the enforcement of which is carried out by organizational information systems in IA-5 (1).