NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
IA-1
IA-2
IA-2(1)
IA-2(2)
IA-2(11)
IA-2(3)
IA-2(5)
IA-2(6)
IA-2(4)
IA-2(8)
IA-2(7)
IA-2(10)
IA-2(9)
IA-2(12)
IA-2(13)
IA-3
IA-3(1)
IA-3(2)
IA-3(3)
IA-3(4)
IA-4
IA-4(1)
IA-4(2)
IA-4(3)
IA-4(4)
IA-4(5)
IA-4(6)
IA-4(7)
IA-4(8)
IA-4(9)
IA-5
IA-5(1)
IA-5(2)
IA-5(11)
IA-5(3)
IA-5(5)
IA-5(6)
IA-5(7)
IA-5(8)
IA-5(9)
IA-5(10)
IA-5(4)
IA-5(12)
IA-5(13)
IA-5(14)
IA-5(15)
IA-5(16)
IA-5(17)
IA-5(18)
IA-6
IA-7
IA-8
IA-8(1)
IA-8(2)
IA-8(3)
IA-8(4)
IA-8(5)
IA-8(6)
IA-9
IA-9(1)
IA-9(2)
IA-10
IA-11
IA-12
IA-12(1)
IA-12(2)
IA-12(3)
IA-12(4)
IA-12(5)
IA-12(6)

IA-5(8): Authenticator Management | Multiple System Accounts

Control Text:

Implement [Assignment: organization-defined security controls] to manage the risk of compromise due to individuals having accounts on multiple systems.

When individuals have accounts on multiple systems and use the same authenticators such as passwords, there is the risk that a compromise of one account may lead to the compromise of other accounts. Alternative approaches include having different authenticators (passwords) on all systems, employing a single sign-on or federation mechanism, or using some form of one-time passwords on all systems. Organizations can also use rules of behavior (see PL-4) and access agreements (see PS-6) to mitigate the risk of multiple system accounts.

Related Controls