NIST 800-172_3.5.2e

NIST 800-172



Employ automated mechanisms for the generation protection rotation and management of passwords for systems and system components that do not support multifactor authentication or complex account management.

Authenticate (or verify) the identities of users processes or devices as a prerequisite to allowing access to organizational systems.In situations where static passwords or personal identification numbers (PIN) are used (e.g. certain system components do not support multifactor authentication or complex account management such as separate system accounts for each user and logging) automated mechanisms (e.g. password managers) can automatically generate rotate manage and store strong and different passwords for users and device accounts. For example a router might have one administrator account but an organization typically has multiple network administrators. Therefore access management and accountability are problematic. A password manager uses techniques such as automated password rotation (in this example for the router password) to allow a specific user to temporarily gain access to a device by checking out a temporary password and then checking the password back in to end the access. The password manager simultaneously logs these actions. One of the risks in using password managers is that an adversary may target the collection of passwords that the device generates. Therefore it is important that these passwords are secured. Methods for protecting passwords include the use of multi-factor authentication to the password manager encryption or secured hardware (e.g. a hardware security module).


Click here to Start your FREE trial today!

Explainer video


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video