🎫 IA — Identification and Authentication
Identify users, processes, devices and authenticate their identities
11 Practices
Identify users, processes, and devices
This control requires organizations to identify and maintain a clear list of all users, processes, and devices that interact with their systems. It me...
Authenticate (or verify) the identities of users, processes, or devices
This control ensures that only authorized users, processes, or devices can access your systems. It requires verifying identities before granting acces...
Store and transmit only cryptographically-protected passwords
This control requires that all passwords stored in your systems or transmitted across networks are protected using strong cryptographic methods. In pl...
Obscure feedback of authentication information
This practice requires that any feedback provided during authentication processes does not reveal sensitive information that could be exploited by att...
Use multifactor authentication for local and network access to privileged accounts
This control requires adding an extra layer of security when logging into high-privilege accounts (like IT administrators or system controllers). Inst...
Employ replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts
This control requires organizations to implement authentication mechanisms that protect against replay attacks, where an attacker intercepts and retra...
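The exchange this control asks for can be shown concretely. The following is an added example, not the page's own code or a reference implementation: a server issues a single-use random challenge, the client answers with an HMAC over that challenge using a shared key, and the server refuses a challenge it has already consumed or that has aged out. The key store, message layout, and 60-second validity window are assumptions for the illustration; production systems use an established protocol (Kerberos, TLS with client certificates, FIDO2/WebAuthn) rather than a hand-rolled one.

```python
# Added example (not from the page): nonce-based challenge-response that rejects replays.
# Assumptions: a pre-shared per-user key, message = username || 0x00 || nonce, 60-second TTL.
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 60  # assumption: how long an issued challenge stays valid


def compute_response(key: bytes, username: str, nonce: bytes) -> bytes:
    """Client side: prove possession of the key without ever transmitting it.
    Binding the nonce into the MAC means a captured response is useless for any
    other challenge."""
    msg = username.encode() + b"\x00" + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Server:
    """Issues single-use challenges and verifies the HMAC responses."""

    def __init__(self, shared_keys: dict, now=time.time):
        self._keys = shared_keys   # username -> shared secret (assumed provisioned out of band)
        self._issued = {}          # nonce -> (username, issue_time); entries are consumed on use
        self._now = now            # injectable clock so expiry can be tested

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._issued[nonce] = (username, self._now())
        return nonce

    def verify(self, username: str, nonce: bytes, response: bytes) -> bool:
        # pop, not get: the nonce is spent whether or not this attempt succeeds,
        # so a second presentation of the same (nonce, response) pair is a replay
        entry = self._issued.pop(nonce, None)
        if entry is None:
            return False
        issued_to, issued_at = entry
        if issued_to != username or self._now() - issued_at > NONCE_TTL_SECONDS:
            return False
        key = self._keys.get(username)
        if key is None:
            return False
        expected = compute_response(key, username, nonce)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Legitimate login followed by an attacker replaying the captured pair."""
    keys = {"alice": secrets.token_bytes(32)}
    server = Server(keys)
    nonce = server.challenge("alice")
    response = compute_response(keys["alice"], "alice", nonce)
    first = server.verify("alice", nonce, response)    # genuine client: accepted
    replay = server.verify("alice", nonce, response)   # same bytes again: rejected
    return {"first": first, "replay": replay}
```

Contrast this with a password sent over the wire: the same captured bytes would authenticate indefinitely. Here the attacker who captures the pair gains nothing, because the nonce is consumed on first use, expires after the window, and cannot be paired with a response computed for a different challenge.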
Prevent reuse of identifiers for a defined period
This control ensures that user identifiers (like usernames or account IDs) cannot be reused for a specific period of time after they are deleted or de...
Disable identifiers after a defined period of inactivity
This control requires organizations to automatically disable user accounts after a set period of inactivity (e.g., 90 days). It's like turning off unu...
Enforce a minimum password complexity and change of characters when new passwords are created
This control ensures that passwords are complex enough to resist guessing or brute-force attacks by requiring a mix of character types and enforcing r...
Prohibit password reuse for a specified number of generations
This control ensures that users cannot reuse their previous passwords for a certain number of password changes. For example, if the policy specifies t...
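The four password practices above (cryptographically protected storage, obscured authentication feedback, minimum complexity with a change of characters, and no reuse for a number of generations) interact in one credential store, so the following added example shows them together. It is illustrative code written for this page, not the page's or any product's implementation. The parameters (PBKDF2 iteration count, 12-character minimum, three character classes, four changed characters, five generations of history) and the position-wise measure of "changed characters" are assumptions, not values the page prescribes.

```python
# Added example (not from the page): a credential store applying several IA password practices.
# Assumed policy values are collected at the top; they are illustrations, not prescribed settings.
import hashlib
import hmac
import secrets
import string
from typing import List, Optional, Tuple

PBKDF2_ITERATIONS = 100_000   # assumption, kept low so the example runs quickly;
                              # OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256
MIN_LENGTH = 12
MIN_CLASSES = 3               # of: lowercase, uppercase, digit, symbol
MIN_CHANGED_CHARS = 4         # characters that must differ from the previous password
HISTORY_GENERATIONS = 5       # current password plus the last four are blocked
GENERIC_FAILURE = "invalid username or password"   # identical text for every failure cause


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; only (salt, digest) is ever stored or compared."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def changed_characters(old: str, new: str) -> int:
    """Assumed measure: positions that differ, plus any difference in length."""
    return sum(1 for a, b in zip(old, new) if a != b) + abs(len(old) - len(new))


def check_complexity(new: str, old: Optional[str]) -> List[str]:
    """Return the list of rule violations (empty list means the password is acceptable)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in new),
        any(c.isupper() for c in new),
        any(c.isdigit() for c in new),
        any(c in string.punctuation for c in new),
    ]
    if sum(classes) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    # the change-of-characters rule needs the old plaintext, which is available only
    # at change time because the user has just supplied it; it cannot come from the hash
    if old is not None and changed_characters(old, new) < MIN_CHANGED_CHARS:
        problems.append(f"fewer than {MIN_CHANGED_CHARS} characters changed")
    return problems


class CredentialStore:
    def __init__(self):
        self._users = {}   # username -> {"salt", "hash", "history": [(salt, hash), ...]}
        # dummy record so an unknown username costs the same work as a known one;
        # together with GENERIC_FAILURE this keeps the feedback from revealing which part failed
        self._dummy_salt, self._dummy_hash = hash_password(secrets.token_urlsafe(32))

    def create(self, username: str, password: str) -> None:
        problems = check_complexity(password, None)
        if problems:
            raise ValueError("; ".join(problems))
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "hash": digest, "history": []}

    def authenticate(self, username: str, password: str) -> Tuple[bool, str]:
        rec = self._users.get(username)
        salt, digest = (rec["salt"], rec["hash"]) if rec else (self._dummy_salt, self._dummy_hash)
        _, candidate = hash_password(password, salt)
        ok = hmac.compare_digest(candidate, digest) and rec is not None
        return ok, ("" if ok else GENERIC_FAILURE)

    def change_password(self, username: str, current: str, new: str) -> Tuple[bool, str]:
        ok, _ = self.authenticate(username, current)
        if not ok:
            return False, GENERIC_FAILURE
        problems = check_complexity(new, current)
        if problems:
            return False, "; ".join(problems)
        rec = self._users[username]
        # generations check: rehash the candidate under each stored salt and compare digests
        for salt, old_hash in [(rec["salt"], rec["hash"])] + rec["history"]:
            if hmac.compare_digest(hash_password(new, salt)[1], old_hash):
                return False, f"matches one of the last {HISTORY_GENERATIONS} passwords"
        rec["history"] = ([(rec["salt"], rec["hash"])] + rec["history"])[: HISTORY_GENERATIONS - 1]
        rec["salt"], rec["hash"] = hash_password(new)
        return True, ""
```

Two design points worth noting. Password history is kept as salted digests, never as plaintext, so checking a candidate against it means rehashing the candidate under each old salt; that costs one KDF call per generation, which is why the generation count should stay modest. And the failure path for an unknown user still performs a full KDF against a dummy record and returns the same generic message as a wrong password, so neither the response text nor the response time tells an attacker which usernames exist.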
Allow temporary password use for system logons with an immediate change to a permanent password
This control permits the use of temporary passwords, for example when a new user account is created or a password is reset, but requires that the user be forced to change the temporary password to a permanent one at first logon. The system should issue a temporary password that expires after th...