209 – Manage passwords in cache

Summary

Applications that authenticate offline must only store one password in the authentication cache.

Description

Applications that limit the authentication cache to store only one password per user adds a security control that is useful to mitigate risks, such as unauthorized access if the local cache is compromised. The design of this caching mechanism ensures that only the most recent and valid set of credentials is stored.

Supported In

Advanced: True

References

• CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
• HITRUST-01_d. User password management
• ISO27002-8_1. User endpoint devices
• ISO27002-8_26. Application security requirements
• CWE-524. Use of cache containing sensitive information
• ISO27001-8_1. User endpoint devices
• ISO27001-8_26. Application security requirements

Last updated

2024/01/18