Define a password management tool
Summary
The passwords of high-privilege users must be guarded and managed by the tool that the organization has defined for this task.
Description
A password management tool provides a secure and controlled environment for storing, modifying, and accessing passwords. Such tools include features such as encryption, access controls, and audit trails. By using them, users only need to remember one strong master password to access the password manager, which simplifies the user experience while maintaining a high level of security.
References
- CWE-256. Plaintext storage of a password
- CERTJ-SEC04-J. Protect sensitive operations with security manager checks
- MITRE-M1027. Password policies
- CMMC-IA_L2-3_5_10. Cryptographically-protected passwords
- HITRUST-01_d. User password management
- HITRUST-01_r. Password management system
- ISO27002-5_17. Authentication information
- SWIFTCSC-5_4. Password repository protection
- ASVS-6_4_1. Secret management
- ASVS-6_4_2. Secret management
- ISO27001-5_17. Authentication information
- CASA-6_4_2. Secret Management
- NIST-PR_AA-01. Identities and credentials for authorized users, services, and hardware are managed by the organization
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan