Navigate

CCI-001997

CCI-001997 Definition

The organization employs automated tools to determine if password authenticators are sufficiently strong to satisfy organization-defined requirements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed implements automated tools to check passwords strength per the complexity requirements defined in IA-5 (1) Part A.

Validation Procedures

The organization conducting the inspection/assessment examines the automated tools and inspects the configuration of the automated tools to ensure that they are implemented to check password strength per the complexity requirements defined in IA-5 (1) Part A.

Compelling Evidence

1.) Signed and dated SOP/TTP implementing automated tools to check password strength per the complexity requirements defined in IA-5 (1) Part A.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001997.

Control	Description
IA-5(4)	The organization employs automated tools to determine if password authenticators are sufficiently strong to satisfy [organization-defined requirements].