Control Category: Identification and Authentication
-
Unique user accounts
Create a unique, non-privileged account for each user. Assign a different password for user and administrative accounts.
-
Use strong passwords
Use strong passwords. Change authentication keys (e.g., password, certificate) regularly – at least annually.
-
Don’t reuse passwords
Do not reuse passwords for multiple services. Do not use your Kerberos password for non-Kerberos enabled systems.
-
Compromised passwords
Change passwords immediately if a compromise is suspected.
-
Encrypt passwords
Store and transmit only encrypted passwords.
-
Default passwords
Change default or vendor-supplied passwords and remove default accounts.
-
Password at startup
Enable password protection at startup.
-
Multi-factor authentication Endpoints
Utilize multi-factor authentication for remote access.
-
Multi-factor authentication on Servers and Applications
Utilize multi-factor authentication for remote interactive user and administrator logins.