Unique access credentials
Summary
System access credentials must be unique for each actor.
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
References
- CIS-5_2. Use unique passwords
- HIPAA-164_312_a_2_i. Unique user identification (required)
- NIST Framework-PR_AC-1. Identities and credentials are issued, managed, verified, revoked and audited for authorized devices, users and processes
- PA-DSS-3_1_5. Payment application does not require or use any group, shared, or generic accounts and passwords
- PA-DSS-10_2_2. Unique authentication credential must be used for each customer environment
- HITRUST CSF-01_q. User identification and authentication
- ISO/IEC 27002-5_16. Identity management
- ISO/IEC 27002-7_2. Physical entry controls
- ISA/IEC 62443-IAC-1_2. Software process and device identification and authentication
- ISSAF-U_9. Web application SQL injections - Bypass user authentication
- OWASP MASVS-V2_1. Security verification requirements
- NIST 800-171-5_1. Identify system users, processes acting on behalf of users, and devices
- PCI DSS-8_2_1. Assign a unique ID before access to system components
- SIG Core-H_2. Access control
- SIG Core-U_1_9_18. Server security
- ISO/IEC 27001-5_16. Identity management
- ISO/IEC 27001-7_2. Physical entry controls
Vulnerabilities