← Back to catalog
IA-5(7)

No Embedded Unencrypted Static Authenticators

Identification and Authentication (IA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.

Discussion

In addition to applications, other forms of static storage include access scripts and function keys. Organizations exercise caution when determining whether embedded or stored authenticators are in encrypted or unencrypted form. If authenticators are used in the manner stored, then those representations are considered unencrypted authenticators.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.