Limited-Use Setup Passwords, v1.0
Specifies requirements in accordance with the DHS CISA Secure-by-Design Pledge, published by the U.S. Dept of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA). Requires an organization to use time-limited setup passwords that auto-disable after configuration completion, across all of its product and service offerings.
Assessment Step
1
Limited-Use Setup Passwords (Limited-UseSetupPasswords)
Across all of its product and service offerings, does the organization use time-limited setup passwords that auto-disable after configuration completion?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
|
Conformance Criteria (1)
Limited-Use Setup Passwords
Across all of its product and service offerings, the organization must use time-limited setup passwords that auto-disable after configuration completion.
Citation
SBDP
(doc)
|