CCI-001998

Require developers and installers of system components to provide unique authenticators or change default authenticators prior to delivery and installation.

Implementation Guidance

The organization being inspected/assessed documents and enforces a requirement for developers/installers of information system components to provide unique authenticators or change default authenticators prior to delivery/installation.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented requirements placed upon developers/installers of information system components to ensure that there is a documented requirement to provide unique authenticators or change default authenticators prior to delivery/installation.

Compelling Evidence

1.) Signed and dated SOP/TTP documenting the enforcement of requirement for developers/installers of information system components to provide unique authenticators or change default authenticators prior to delivery/installation.

The controls below (if any) were marked by NIST as being related to CCI-001998.