Navigate

CCI-001984

CCI-001984 Definition

Manage system authenticators by establishing administrative procedures for revoking authenticators.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if system authenticators are managed through the establishment and implementation of administrative procedures for initial authenticator distribution; lost, compromised, or damaged authenticators; and the revocation of authenticators.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; system security plan; addressing authenticator management; system design documentation; system configuration settings and associated documentation; list of system authenticator types; change control records associated with managing system authenticators; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with authenticator management responsibilities; organizational personnel with information security responsibilities; system/network administrators]. Test: [SELECT FROM: Mechanisms supporting and/or implementing authenticator management capability].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001984.

Control	Description
IA-5	Manage system authenticators by: a: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator; b: Establishing initial authenticator content for any authenticators issued by the organization; c: Ensuring that authenticators have sufficient strength of mechanism for their intended use; d: Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators; e: Changing default authenticators prior to first use; f: Changing or refreshing authenticators [a time period for changing or refreshing authenticators by authenticator type is defined;] or when [events that trigger the change or refreshment of authenticators are defined;] occur; g: Protecting authenticator content from unauthorized disclosure and modification; h: Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and i: Changing authenticators for group or role accounts when membership to those accounts changes.

Control

Description

IA-5

Manage system authenticators by:

a: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, service, or device receiving the authenticator;

b: Establishing initial authenticator content for any authenticators issued by the organization;

c: Ensuring that authenticators have sufficient strength of mechanism for their intended use;

d: Establishing and implementing administrative procedures for initial authenticator distribution, for lost or compromised or damaged authenticators, and for revoking authenticators;

e: Changing default authenticators prior to first use;

f: Changing or refreshing authenticators [a time period for changing or refreshing authenticators by authenticator type is defined;] or when [events that trigger the change or refreshment of authenticators are defined;] occur;

g: Protecting authenticator content from unauthorized disclosure and modification;

h: Requiring individuals to take, and having devices implement, specific controls to protect authenticators; and

i: Changing authenticators for group or role accounts when membership to those accounts changes.