FedRAMP System Security Plan (SSP) High Baseline Template


IA-5 What is the solution and how is it implemented?



Date: 16.12.2020

Part a




Part b




Part c




Part d




Part e




Part f




Part g




Part h




Part i




Part j





IA-5 (1) Control Enhancement (H)


The information system, for password-based authentication:

  (a) Enforces minimum password complexity of [Assignment: organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers, and special characters, including minimum requirements for each type];

  (b) Enforces at least the following number of changed characters when new passwords are created: [FedRAMP Assignment: at least fifty percent (50%)];

  (c) Stores and transmits only cryptographically-protected passwords;

  (d) Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];

  (e) Prohibits password reuse for [FedRAMP Assignment: twenty-four (24)] generations; and

  (f) Allows the use of a temporary password for system logons with an immediate change to a permanent password.

IA-5 (1) a and d Additional FedRAMP Requirements and Guidance:

Guidance: If password policies are compliant with NIST SP 800-63B Memorized Secret (Section 5.1.1) Guidance, the control may be considered compliant.
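The six enforcement items above are stated as requirements, not as code. The following is an added example, not part of the FedRAMP template or any provider's implementation, showing how a system's password-change path can enforce items (a), (b), (d), (e) and (f) while keeping only salted, iterated hashes on file for (c). The organization-defined values (minimum length, lifetimes, PBKDF2 iteration count) are ASSUMED illustrative choices; the 50% changed-character figure and the 24-generation history are the FedRAMP assignments quoted in the control text. "Changed characters" is interpreted here as positions that differ after left-aligning old and new password, which is one reasonable reading the control leaves open.

```python
"""IA-5(1) password-policy enforcement (added example; values marked ASSUMED are
illustrative organization-defined parameters, not FedRAMP assignments)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_LENGTH = 12                       # ASSUMED, IA-5(1)(a)
MIN_CHANGED_FRACTION = 0.5            # FedRAMP assignment, IA-5(1)(b)
HISTORY_GENERATIONS = 24              # FedRAMP assignment, IA-5(1)(e)
MIN_LIFETIME = timedelta(days=1)      # ASSUMED, IA-5(1)(d)
MAX_LIFETIME = timedelta(days=60)     # ASSUMED, IA-5(1)(d)
PBKDF2_ITERATIONS = 100_000           # ASSUMED work factor for IA-5(1)(c)


def complexity_errors(pw: str) -> list[str]:
    """IA-5(1)(a): case-sensitive length and character-class requirements."""
    errs = []
    if len(pw) < MIN_LENGTH:
        errs.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        errs.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        errs.append("no lower-case letter")
    if not any(c.isdigit() for c in pw):
        errs.append("no digit")
    if not any(c in string.punctuation for c in pw):
        errs.append("no special character")
    return errs


def changed_fraction(old: str, new: str) -> float:
    """IA-5(1)(b): share of positions in the new password that differ from the
    old one (left-aligned; positions beyond the old length count as changed).
    This can only be computed at change time, while the old secret is in hand."""
    if not new:
        return 0.0
    changed = sum(1 for i, c in enumerate(new) if i >= len(old) or old[i] != c)
    return changed / len(new)


def _digest(pw: str, salt: bytes) -> bytes:
    # IA-5(1)(c): only a salted, iterated hash of the secret is ever stored.
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ITERATIONS)


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    set_at: datetime


@dataclass
class Account:
    current: PasswordRecord
    history: list[PasswordRecord] = field(default_factory=list)  # oldest first
    temporary: bool = False  # IA-5(1)(f): must be replaced at first logon


def new_record(pw: str, when: datetime) -> PasswordRecord:
    salt = secrets.token_bytes(16)
    return PasswordRecord(salt, _digest(pw, salt), when)


def matches(rec: PasswordRecord, pw: str) -> bool:
    return hmac.compare_digest(rec.digest, _digest(pw, rec.salt))


def evaluate_change(acct: Account, old_pw: str, new_pw: str, now: datetime) -> list[str]:
    """Return the IA-5(1) violations for a proposed change; empty means allowed."""
    if not matches(acct.current, old_pw):
        return ["current password does not verify"]
    errs = complexity_errors(new_pw)                                   # (a)
    if changed_fraction(old_pw, new_pw) < MIN_CHANGED_FRACTION:        # (b)
        errs.append("fewer than 50% of characters changed")
    if not acct.temporary and now - acct.current.set_at < MIN_LIFETIME:  # (d) min
        errs.append("minimum password lifetime not reached")
    generations = (acct.history + [acct.current])[-HISTORY_GENERATIONS:]
    if any(matches(r, new_pw) for r in generations):                   # (e)
        errs.append(f"reused within the last {HISTORY_GENERATIONS} generations")
    return errs


def apply_change(acct: Account, old_pw: str, new_pw: str, now: datetime) -> None:
    errs = evaluate_change(acct, old_pw, new_pw, now)
    if errs:
        raise ValueError("; ".join(errs))
    acct.history.append(acct.current)
    del acct.history[:-HISTORY_GENERATIONS]   # keep only what (e) needs
    acct.current = new_record(new_pw, now)
    acct.temporary = False


def password_expired(acct: Account, now: datetime) -> bool:
    """IA-5(1)(d) maximum lifetime; a temporary password (f) expires at once."""
    return acct.temporary or now - acct.current.set_at > MAX_LIFETIME
```

The minimum-lifetime check is skipped for temporary passwords on purpose: without that exception, item (d) would block the immediate change that item (f) requires. Note that the reuse check must run against the stored history hashes, so each history entry keeps its own salt.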

IA-5 (1)

Control Summary Information

Responsible Role:

Parameter IA-5 (1)(a):

Parameter IA-5 (1)(b):

Parameter IA-5 (1)(d):

Parameter IA-5 (1)(e):

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



IA-5 (1) What is the solution and how is it implemented?

Part a




Part b




Part c




Part d




Part e




Part f





IA-5 (2) Control Enhancement (M) (H)


The information system, for PKI-based authentication:

  (a) Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information;

  (b) Enforces authorized access to the corresponding private key;

  (c) Maps the authenticated identity to the account of the individual or group; and

  (d) Implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.
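Item (d) is the part of this enhancement that is most often implemented loosely: a validator that silently treats an unreachable CRL or OCSP responder as "not revoked" fails open. The following added example, which is not part of the template or any provider's implementation, shows the decision logic for a revocation check that refreshes a local CRL cache from the network when it can, falls back to the cached copy only while that copy is still within its validity window (plus an ASSUMED, configurable grace period), and otherwise reports the status as unknown so that path validation fails. The network fetch is injected as a callable with an ASSUMED signature so the logic runs offline; in a real system it would wrap the CRL or OCSP retrieval and parsing.

```python
"""IA-5(2)(d) local revocation cache with fail-closed fallback (added example;
the fetch_crl interface is an ASSUMED stand-in for real CRL/OCSP retrieval)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class CachedCrl:
    issuer: str
    revoked_serials: FrozenSet[int]
    this_update: datetime
    next_update: datetime   # the cached data may be relied on only until here


class RevocationChecker:
    def __init__(self, fetch_crl: Callable[[str], CachedCrl],
                 max_stale: timedelta = timedelta(0)):
        # fetch_crl(issuer) returns fresh CRL data or raises OSError on failure.
        self._fetch = fetch_crl
        self._max_stale = max_stale          # ASSUMED organization-defined grace
        self._cache: Dict[str, CachedCrl] = {}

    def status(self, issuer: str, serial: int, now: datetime) -> Tuple[str, str]:
        """Return (status, source) where status is 'good', 'revoked' or
        'unknown'. Callers must treat 'unknown' as a validation failure."""
        try:
            crl = self._fetch(issuer)
            self._cache[issuer] = crl        # refresh the local cache on success
            source = "network"
        except OSError:
            crl = self._cache.get(issuer)
            source = "cache"
            if crl is None:
                return "unknown", "none"     # nothing cached: fail closed
            if now > crl.next_update + self._max_stale:
                return "unknown", "stale"    # cache too old to rely on
        return ("revoked" if serial in crl.revoked_serials else "good"), source


def build_demo(now: datetime) -> Tuple[RevocationChecker, Dict[str, bool]]:
    """Constructed fixture: an issuer whose CRL can be fetched once and then
    becomes unreachable, so the cache path can be exercised deterministically."""
    crl = CachedCrl("CN=Example Issuing CA", frozenset({0x1001, 0x1002}),
                    this_update=now, next_update=now + timedelta(days=7))
    state = {"online": True}

    def fetch(issuer: str) -> CachedCrl:
        if not state["online"]:
            raise OSError("CRL distribution point unreachable (constructed)")
        return crl

    return RevocationChecker(fetch, max_stale=timedelta(hours=1)), state
```

The grace period is deliberately short and explicit; whatever value an organization chooses belongs in the SSP parameter text so that assessors can see how long a cached revocation decision may be trusted after the network source disappears.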



IA-5 (2)

Control Summary Information

Responsible Role:

Implementation Status (check all that apply):

☐ Implemented

☐ Partially implemented

☐ Planned

☐ Alternative implementation

☐ Not applicable

Control Origination (check all that apply):

☐ Service Provider Corporate

☐ Service Provider System Specific

☐ Service Provider Hybrid (Corporate and System Specific)

☐ Configured by Customer (Customer System Specific)

☐ Provided by Customer (Customer System Specific)

☐ Shared (Service Provider and Customer Responsibility)

☐ Inherited from pre-existing FedRAMP Authorization for Click here to enter text. ,



IA-5 (2) What is the solution and how is it implemented?

Part a




Part b




Part c




Part d





