PR.AA-03.201

Does your organization enforce minimum strength requirements for passwords, PINs, and other authenticators?

Explanation

Password strength policies are a first line of defence against unauthorized access through brute-force, dictionary, and credential-stuffing attacks. A strong policy sets a minimum length, screens candidate passwords against lists of common and previously breached passwords, and may add complexity rules (uppercase, lowercase, digits, special characters). Note that current guidance in NIST SP 800-63B favours length and breached-password screening over mandatory character-class rules, because users satisfy composition rules in predictable ways; if you still enforce composition rules, say so in your evidence. The same minimum-strength requirements should cover PINs and other knowledge-based authenticators, together with rate limiting or lockout where the secret space is small. As evidence, you could provide a screenshot of the password policy configuration in your identity provider or directory service (for example, the default domain password policy or a fine-grained password policy in Active Directory), or a written policy document that clearly states the minimum requirements enforced across your systems.
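The following is an added example, not code from the original page or from ResponseHub, of how such a policy is enforced at the point where a password is set. It checks length bounds, rejects passwords containing the username, and screens against a breached-password corpus indexed by SHA-1 prefix and suffix in the layout used by the Have I Been Pwned range API, so that a production deployment could query the API with only the five-character prefix. The policy defaults, the breached-password sample, and the function names are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    """Minimum-strength rules. Defaults follow NIST SP 800-63B guidance:
    a length floor, a generous ceiling, and no character-class rules."""
    min_length: int = 12
    max_length: int = 64
    forbid_username: bool = True


def sha1_hex(secret: str) -> str:
    """Upper-case SHA-1 hex digest, the form used by breached-password corpora."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def build_breach_index(plaintexts):
    """Index breached passwords by SHA-1, split into a 5-hex-char prefix and the
    remaining 35-char suffix, mirroring the Have I Been Pwned range-API layout."""
    index = {}
    for secret in plaintexts:
        digest = sha1_hex(secret)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


# Constructed stand-in for a breached-password corpus (assumption for the example).
# A real deployment loads the full list or queries the range API with the prefix only.
BREACH_INDEX = build_breach_index(
    ["password", "Password1!", "123456789012", "qwerty123456", "letmein"]
)


def is_breached(password: str, index=BREACH_INDEX) -> bool:
    """Look up the candidate by prefix, then compare the suffix locally."""
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def check_password(password: str, username: str = "",
                   policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    # Normalise so that visually identical Unicode input is measured and hashed consistently.
    secret = unicodedata.normalize("NFKC", password)
    failures = []
    if len(secret) < policy.min_length:
        failures.append(f"shorter than {policy.min_length} characters")
    if len(secret) > policy.max_length:
        failures.append(f"longer than {policy.max_length} characters")
    if policy.forbid_username and username and username.casefold() in secret.casefold():
        failures.append("contains the username")
    if is_breached(secret):
        failures.append("found in breached-password corpus")
    return failures


if __name__ == "__main__":
    samples = [
        ("Password1!", "bob"),
        ("correct horse battery staple", "alice"),
        ("alice-2024-summer!", "alice"),
    ]
    for candidate, user in samples:
        print(f"{candidate!r}: {check_password(candidate, user) or 'OK'}")
```

The breach check deliberately compares only the 35-character suffix after selecting by prefix: that is the property that lets a client send the prefix alone to an external service without disclosing the password hash.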

Implementation Example

Enforce policies for the minimum strength of passwords, PINs, and similar authenticators

ID: PR.AA-03.201

Context

Function: PR: PROTECT
Category: PR.AA: Identity Management, Authentication, and Access Control
Subcategory: PR.AA-03: Users, services, and hardware are authenticated

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub