Expert Advice Community

Home / ISO 27001 & 22301 / Use of secret authentication information

Guest

Use of secret authentication information

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Use of secret authentication information

ISO 27001 & 22301
I have a query on one of the controls in the Annex i.e.. Use of secret authentication information  (9.3.1). If the entity opts for the control, what is expected to be maintained as Policy / Procedure and the evidences?
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
DejanK Jan 12, 2016

As you know, this control is for the use of secret authentication information, this means basically that you need to protect the passwords of the users. For this, you can develop a policy (defining length of passwords, share of passwords, change of passwords, etc.), and also you can use software tools (for example Single Sign On) to store and manage them. Obviously the policy and the software can serve as evidence.

For the development of the policy, I recommend you our resource: “Password Policy”: https://advisera.com/27001academy/documentation/password-policy/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics
Guest user Created:   May 20, 2020 ISO 27001 & 22301
Replies: 3
0 0

User Account Responsibilities
Guest user Created:   Nov 14, 2017 ISO 27001 & 22301
Replies: 1
0 0

Password security and ISO 27001
Guest user Created:   Sep 20, 2017 ISO 27001 & 22301
Replies: 1
0 0

Controls selection