CCI-004069

Ensure that the unencrypted static authenticators are not embedded in applications or other forms of static storage.

Implementation Guidance

Determine if unencrypted static authenticators are not embedded in applications or other forms of static storage.

Validation Procedures

Examine: [SELECT FROM: Identification and authentication policy; system security plan; procedures addressing authenticator management; system design documentation; system configuration settings and associated documentation; logical access scripts; application code reviews for detecting unencrypted static authenticators; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with authenticator management responsibilities; organizational personnel with information security responsibilities; system/network administrators; system developers]. Test: [SELECT FROM: Mechanisms supporting and/or implementing authenticator management capability; mechanisms implementing authentication in applications].

The controls below (if any) were marked by NIST as being related to CCI-004069.