IA-5(7): No Embedded Unencrypted Static Authenticators

Control Family:

Identification And Authentication

Parent Control:

IA-5: Authenticator Management

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
IA-5(7): No Embedded Unencrypted Static Authenticators

Control Statement

The organization ensures that unencrypted static authenticators are not embedded in applications or access scripts or stored on function keys.

Supplemental Guidance

Organizations exercise caution in determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators. This is irrespective of whether that representation is perhaps an encrypted version of something else (e.g., a password).