Reference: CMMC 2.0
Family: IA
Level Introduced: 2
Title: Obscure Feedback
Practice:
Obscure feedback of authentication information.
CMMC Clarification:
A password is a type of authentication information. When users enter this information, the system displays a symbol, such as an asterisk. This prevents others from seeing the actual characters. The organization should obscure feedback based on a defined policy. For example, smaller devices may briefly show characters before obscuring.
Example
You are in charge of IT for your company. You set up your systems to display a symbol, such as an asterisk, when users enter their passwords into a computer system. For your mobile devices, the password characters are briefly displayed to the user before being obscured. This prevents people from figuring out passwords by looking over someone's shoulder.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.