Define a password management tool
Summary
The passwords of high-privilege users must be protected and managed with the password management tool that the organization has designated for this purpose.
Supported In
This requirement is verified in the following services:
Plan | Supported |
---|---|
Machine | 🔴 |
Squad | 🟢 |
References
- CWE™-256. Plaintext storage of a password
- NIST Framework-PR_AC-1. Identities and credentials are issued, managed, verified, revoked and audited for authorized devices, users and processes
- CERT-J-SEC04-J. Protect sensitive operations with security manager checks
- MITRE ATT&CK®-M1027. Password policies
- CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
- HITRUST CSF-01_d. User password management
- HITRUST CSF-01_r. Password management system
- ISO/IEC 27002-5_17. Authentication information
- SWIFT CSCF-5_4. Physical and logical password storage
- OWASP ASVS-6_4_1. Secret management
- OWASP ASVS-6_4_2. Secret management
- ISO/IEC 27001-5_17. Authentication information
- CASA-6_4_2. Secret Management