IA-5(7): No Embedded Unencrypted Static Authenticators

Control Family:

Identification and Authentication

Parent Control:

IA-5: Authenticator Management

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

Threats Addressed:

Spoofing
Information Disclosure

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
IA-5(7): No Embedded Unencrypted Static Authenticators

Control Statement

Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.

Supplemental Guidance

In addition to applications, other forms of static storage include access scripts and function keys. Organizations exercise caution when determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators.