Use of secret authentication information
Assign topic to the user
As you know, this control is for the use of secret authentication information, this means basically that you need to protect the passwords of the users. For this, you can develop a policy (defining length of passwords, share of passwords, change of passwords, etc.), and also you can use software tools (for example Single Sign On) to store and manage them. Obviously the policy and the software can serve as evidence.
For the development of the policy, I recommend you our resource: Password Policy: https://advisera.com/27001academy/documentation/password-policy/
Comment as guest or Sign in
Jan 12, 2016