compliance controls are associated with this Policy definition 'Ensure there are no unencrypted static authenticators' (eda0cbb7-6043-05bf-645b-67411f1a59b3)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IA-5(7) |
FedRAMP_High_R4_IA-5(7) |
FedRAMP High IA-5 (7) |
Identification And Authentication |
No Embedded Unencrypted Static Authenticators |
Shared |
n/a |
The organization ensures that unencrypted static authenticators are not embedded in applications or access scripts or stored on function keys.
Supplemental Guidance: Organizations exercise caution in determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators. This is irrespective of whether that representation is perhaps an encrypted version of something else (e.g., a password). |
link |
1 |
| FedRAMP_Moderate_R4 |
IA-5(7) |
FedRAMP_Moderate_R4_IA-5(7) |
FedRAMP Moderate IA-5 (7) |
Identification And Authentication |
No Embedded Unencrypted Static Authenticators |
Shared |
n/a |
The organization ensures that unencrypted static authenticators are not embedded in applications or access scripts or stored on function keys.
Supplemental Guidance: Organizations exercise caution in determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators. This is irrespective of whether that representation is perhaps an encrypted version of something else (e.g., a password). |
link |
1 |
| hipaa |
0306.09q1Organizational.3-09.q |
hipaa-0306.09q1Organizational.3-09.q |
0306.09q1Organizational.3-09.q |
03 Portable Media Security |
0306.09q1Organizational.3-09.q 09.07 Media Handling |
Shared |
n/a |
The status and location of unencrypted covered information is maintained and monitored. |
|
6 |
| hipaa |
1006.01d2System.1-01.d |
hipaa-1006.01d2System.1-01.d |
1006.01d2System.1-01.d |
10 Password Management |
1006.01d2System.1-01.d 01.02 Authorized Access to Information Systems |
Shared |
n/a |
Passwords are not included in automated log-on processes. |
|
5 |
| ISO27001-2013 |
A.12.1.4 |
ISO27001-2013_A.12.1.4 |
ISO 27001:2013 A.12.1.4 |
Operations Security |
Separation of development, testing and operational environments |
Shared |
n/a |
Development, testing, and operational environments shall be separated to reduce the risks of unauthorized access or changes to the operational environment. |
link |
10 |
| ISO27001-2013 |
A.14.2.8 |
ISO27001-2013_A.14.2.8 |
ISO 27001:2013 A.14.2.8 |
System Acquisition, Development And Maintenance |
System security testing |
Shared |
n/a |
Testing of security functionality shall be carried out during development. |
link |
8 |
| ISO27001-2013 |
A.14.2.9 |
ISO27001-2013_A.14.2.9 |
ISO 27001:2013 A.14.2.9 |
System Acquisition, Development And Maintenance |
System acceptance testing |
Shared |
n/a |
Acceptance testing programs and related criteria shall be established for new information systems, upgrades and new versions. |
link |
14 |
| ISO27001-2013 |
A.14.3.1 |
ISO27001-2013_A.14.3.1 |
ISO 27001:2013 A.14.3.1 |
System Acquisition, Development And Maintenance |
Protection of test data |
Shared |
n/a |
Test data shall be selected carefully, protected and controlled. |
link |
11 |
|
mp.sw.1 IT Aplications development |
mp.sw.1 IT Aplications development |
404 not found |
|
|
|
n/a |
n/a |
|
51 |
|
mp.sw.2 Acceptance and commissioning |
mp.sw.2 Acceptance and commissioning |
404 not found |
|
|
|
n/a |
n/a |
|
60 |
| NIST_SP_800-53_R4 |
IA-5(7) |
NIST_SP_800-53_R4_IA-5(7) |
NIST SP 800-53 Rev. 4 IA-5 (7) |
Identification And Authentication |
No Embedded Unencrypted Static Authenticators |
Shared |
n/a |
The organization ensures that unencrypted static authenticators are not embedded in applications or access scripts or stored on function keys.
Supplemental Guidance: Organizations exercise caution in determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators. This is irrespective of whether that representation is perhaps an encrypted version of something else (e.g., a password). |
link |
1 |
| NIST_SP_800-53_R5 |
IA-5(7) |
NIST_SP_800-53_R5_IA-5(7) |
NIST SP 800-53 Rev. 5 IA-5 (7) |
Identification and Authentication |
No Embedded Unencrypted Static Authenticators |
Shared |
n/a |
Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage. |
link |
1 |