The passwords of high-privilege users must be guarded and managed with the tool the organization has designated for this purpose.
This requirement is verified in the following services:
- CWE™-256. Plaintext storage of a password
- NIST Framework-PR_AC-1. Identities and credentials are issued, managed, verified, revoked and audited for authorized devices, users and processes
- CERT-J-SEC04-J. Protect sensitive operations with security manager checks
- MITRE ATT&CK®-M1027. Password policies
- CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
- HITRUST CSF-01_d. User password management
- HITRUST CSF-01_r. Password management system
- ISO/IEC 27002-5_17. Authentication information
- SWIFT CSCF-5_4. Physical and logical password storage
- OWASP ASVS-6_4_1. Secret management
- OWASP ASVS-6_4_2. Secret management
- ISO/IEC 27001-5_17. Authentication information
- CASA-6_4_2. Secret Management