An error occurred:

© 2025 Xylok, LLC

Version: features-advanced-collector-898c2c - rmfrev4

Navigate

CCI-002366

CCI-002366 Definition

The organization manages information system authenticators by having devices implement specific security safeguards to protect authenticators.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002366.

Control

Description

The organization manages information system authenticators by:

a: Verifying, as part of the initial authenticator distribution, the identity of the individual, group, role, or device receiving the authenticator;

b: Establishing initial authenticator content for authenticators defined by the organization;

c: Ensuring that authenticators have sufficient strength of mechanism for their intended use;

d: Establishing and implementing administrative procedures for initial authenticator distribution, for lost/compromised or damaged authenticators, and for revoking authenticators;

e: Changing default content of authenticators prior to information system installation;

f: Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators;

g: Changing/refreshing authenticators [one of ];

h: Protecting authenticator content from unauthorized disclosure and modification;

i: Requiring individuals to take, and having devices implement, specific security safeguards to protect authenticators; and

j: Changing authenticators for group/role accounts when membership to those accounts changes.