|
URL: http://www.itl.nist.gov/fipspubs/fip112.htm
http://csrc.nist.gov/publications/fips/fips112/fip112-2.pdf
The
document specifies basic security criteria for two different uses of passwords
in an ADP system, (I) personal identity authentication and (2) data access
authorization. It establishes the basic criteria for the design, implementation and use of a password system in those systems
where passwords are used. It identifies fundamental ADP management functions
pertaining to passwords and specifies some user actions required to satisfy
these functions. In addition, it specifies several technical features that may
be implemented in an ADP system in order to support a password system. An
implementation schedule is established for compliance with the Standard.
Numerous guidelines are provided in the Appendices for managers and users
seeking to comply with the Standard.
Keywords:
Identity Establishment, Policy, Authorization for Access Control,
Credential Renewal, Security
|
