Overview
  1. 03.01: Access Control
  2. 03.02: Awareness and Training
  3. 03.03: Audit and Accountability
  4. 03.04: Configuration Management
  5. 03.05: Identification and Authentication
  6. 03.06: Incident Response
  7. 03.07: Maintenance
  8. 03.08: Media Protection
  9. 03.09: Personnel Security
  10. 03.10: Physical Protection
  11. 03.11: Risk Assessment
  12. 03.12: Security Assessment
  13. 03.13: System and Communications Protection
  14. 03.14: System and Information Integrity

Security Requirements for 03.05.09 Temporary Passwords

Changing temporary passwords to permanent passwords immediately after system logon ensures that the necessary strength of the authentication mechanism is implemented at the earliest opportunity, reducing the susceptibility to authenticator compromises.

Evidence

  1. 03.05.09.a

    An immediate change to a permanent password is required when a temporary password is used for system logon