CCI-001998

Require developers and installers of system components to provide unique authenticators or change default authenticators prior to delivery and installation.

Implementation Guidance

Determine if developers and installers of system components are required to provide unique authenticators or change default authenticators prior to delivery and installation.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; system security plan; system and services acquisition policy; procedures addressing authenticator management; procedures addressing the integration of security requirements into the acquisition process; acquisition documentation; acquisition contracts for system procurements or services; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with authenticator management responsibilities; organizational personnel with information security, acquisition, and contracting responsibilities; system developers]. Test: [SELECT FROM: Mechanisms supporting and/or implementing authenticator management capability].

The controls below (if any) were marked by NIST as being related to CCI-001998.