IA-5(4): Automated Support For Password Strength Determination

Control Family:

Identification And Authentication

Parent Control:

IA-5: Authenticator Management

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

Threats Addressed:

Spoofing

Baselines:

(Not part of any baseline)

Control is withdrawn in the next version of this control set and incorporated into: IA-5(1): Password-based Authentication.

Control Statement

The organization employs automated tools to determine if password authenticators are sufficiently strong to satisfy [Assignment: organization-defined requirements].

Supplemental Guidance

This control enhancement focuses on the creation of strong passwords and the characteristics of such passwords (e.g., complexity) prior to use, the enforcement of which is carried out by organizational information systems in IA-5 (1).