380 – Define a password management tool

Summary

The passwords of high privilege users must be guarded and managed by the tool defined by the organization to complete this task.

Description

The use of a password management tool provide a secure and controlled environment for storing, modifying, and accessing passwords. They include features such as encryption, access controls, and audit trails. By using these tools users only need to remember one strong master password to access the password manager, simplifying the user experience while maintaining a high level of security.

Supported In

Advanced: True

References

• CWE-256. Plaintext storage of a password
• CERTJ-SEC04-J. Protect sensitive operations with security manager checks
• MITRE-M1027. Password policies
• CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
• HITRUST-01_d. User password management
• HITRUST-01_r. Password management system
• ISO27002-5_17. Authentication information
• SWIFTCSC-5_4. Password repository protection
• ASVS-6_4_1. Secret management
• ASVS-6_4_2. Secret management
• ISO27001-5_17. Authentication information
• CASA-6_4_2. Secret Management
• NIST-PR_AA-01. Identities and credentials for authorized users, services, and hardware are managed by the organization

Last updated

2024/03/05