Define a password management tool
Summary
The passwords of high-privilege users must be guarded and managed by the tool that the organization has defined for this task.
Description
A password management tool provides a secure and controlled environment for storing, modifying, and accessing passwords. Such tools include features such as encryption, access controls, and audit trails. With them, users only need to remember one strong master password to access the password manager, which simplifies the user experience while maintaining a high level of security.
Supported In
This requirement is verified in the following services:
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References
- CWE™-256. Plaintext storage of a password
- CERT-J-SEC04-J. Protect sensitive operations with security manager checks
- MITRE ATT&CK®-M1027. Password policies
- CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
- HITRUST CSF-01_d. User password management
- HITRUST CSF-01_r. Password management system
- ISO/IEC 27002-5_17. Authentication information
- SWIFT CSCF-5_4. Password repository protection
- OWASP ASVS-6_4_1. Secret management
- OWASP ASVS-6_4_2. Secret management
- ISO/IEC 27001-5_17. Authentication information
- CASA-6_4_2. Secret Management
- NIST CSF-PR_AA-01. Identities and credentials for authorized users, services, and hardware are managed by the organization