A.5.17 — Authentication information
This control protects authentication information, such as passwords, to prevent unauthorized access. Measures include encryption, secure storage, and periodic password updates.
| Property | Value |
|---|---|
| Section | process |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-CRYPTO-02 | PRF Extension Key Derivation |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore |
Source: ISO/IEC 27001:2022 Annex A