| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IA-5(6) |
FedRAMP_High_R4_IA-5(6) |
FedRAMP High IA-5 (6) |
Identification And Authentication |
Protection Of Authenticators |
Shared |
n/a |
The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.
Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. |
link |
1 |
| FedRAMP_Moderate_R4 |
IA-5(6) |
FedRAMP_Moderate_R4_IA-5(6) |
FedRAMP Moderate IA-5 (6) |
Identification And Authentication |
Protection Of Authenticators |
Shared |
n/a |
The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.
Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. |
link |
1 |
| hipaa |
0306.09q1Organizational.3-09.q |
hipaa-0306.09q1Organizational.3-09.q |
0306.09q1Organizational.3-09.q |
03 Portable Media Security |
0306.09q1Organizational.3-09.q 09.07 Media Handling |
Shared |
n/a |
The status and location of unencrypted covered information is maintained and monitored. |
|
6 |
| NIST_SP_800-171_R2_3 |
.5.10 |
NIST_SP_800-171_R2_3.5.10 |
NIST SP 800-171 R2 3.5.10 |
Identification and Authentication |
Store and transmit only cryptographically-protected passwords. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Cryptographically-protected passwords use salted one-way cryptographic hashes of passwords. See [NIST CRYPTO]. |
link |
9 |
| NIST_SP_800-53_R4 |
IA-5(6) |
NIST_SP_800-53_R4_IA-5(6) |
NIST SP 800-53 Rev. 4 IA-5 (6) |
Identification And Authentication |
Protection Of Authenticators |
Shared |
n/a |
The organization protects authenticators commensurate with the security category of the information to which use of the authenticator permits access.
Supplemental Guidance: For information systems containing multiple security categories of information without reliable physical or logical separation between categories, authenticators used to grant access to the systems are protected commensurate with the highest security category of information on the systems. |
link |
1 |
| NIST_SP_800-53_R5 |
IA-5(6) |
NIST_SP_800-53_R5_IA-5(6) |
NIST SP 800-53 Rev. 5 IA-5 (6) |
Identification and Authentication |
Protection of Authenticators |
Shared |
n/a |
Protect authenticators commensurate with the security category of the information to which use of the authenticator permits access. |
link |
1 |
| PCI_DSS_v4.0 |
8.3.2 |
PCI_DSS_v4.0_8.3.2 |
PCI DSS v4.0 8.3.2 |
Requirement 08: Identify Users and Authenticate Access to System Components |
Strong authentication for users and administrators is established and managed |
Shared |
n/a |
Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components. |
link |
2 |