IA-5(6): Protection Of Authenticators

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Next Version:

Control Statement

The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.

Supplemental Guidance

For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems.