Navigate

CCI-001610

CCI-001610 Definition

Defines the time-period (by authenticator type) for changing/refreshing authenticators.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if system authenticators are managed through the change or refreshment of authenticators [IA-05_ODP[01]; a time period for changing or refreshing authenticators by authenticator type is defined] or when [IA-05_ODP[02]; events that trigger the change or refreshment of authenticators are defined] occur.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; system security plan; addressing authenticator management; system design documentation; system configuration settings and associated documentation; list of system authenticator types; change control records associated with managing system authenticators; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with authenticator management responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting and/or implementing authenticator management capability].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001610.

Control	Description
IA-5	Manage system authenticators by: a: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator; b: Establishing initial authenticator content for any authenticators issued by the organization; c: Ensuring that authenticators have sufficient strength of mechanism for their intended use; d: Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators; e: Changing default authenticators prior to first use; f: Changing or refreshing authenticators [a time period for changing or refreshing authenticators by authenticator type is defined;] or when [events that trigger the change or refreshment of authenticators are defined;] occur; g: Protecting authenticator content from unauthorized disclosure and modification; h: Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and i: Changing authenticators for group or role accounts when membership to those accounts changes.

Control

Description

IA-5

Manage system authenticators by:

a: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;

b: Establishing initial authenticator content for any authenticators issued by the organization;

c: Ensuring that authenticators have sufficient strength of mechanism for their intended use;

d: Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;

e: Changing default authenticators prior to first use;

f: Changing or refreshing authenticators [a time period for changing or refreshing authenticators by authenticator type is defined;] or when [events that trigger the change or refreshment of authenticators are defined;] occur;

g: Protecting authenticator content from unauthorized disclosure and modification;

h: Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and

i: Changing authenticators for group or role accounts when membership to those accounts changes.