Reference: CMMC v2.13
Family: IA
Level Introduced: 2
Title: Obscure Feedback
Practice:
Obscure feedback of authentication information.
Further Discussion:
Authentication information includes passwords. When users enter a password, the system displays a symbol, such as an asterisk, in place of each character, which prevents others from seeing the actual characters. Feedback is obscured based on a defined policy (e.g., smaller devices may briefly show characters before obscuring).
Example
As a system administrator, you configure your systems to display an asterisk when users enter their passwords into a computer system [a]. For mobile devices, the password characters are briefly displayed to the user before being obscured. This prevents people from figuring out passwords by looking over someone’s shoulder.
Potential Assessment Considerations
• Is the feedback immediately obscured when the authentication is presented on a larger display (e.g., desktop or notebook computers with relatively large monitors) [a]?