Description
The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Supplemental Guidance
The feedback from the information system does not provide information that would allow an unauthorized user to compromise the authentication mechanism. Displaying asterisks when a user types in a password is an example of obscuring feedback of authentication information.
Enhancements
(0) None.
MITRE ATT&CK Techniques (8)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Defense Evasion: 4; Lateral Movement: 3; Collection: 1
Compliance Mappings
ISO 27001:2022
A.5.17
ISO 27002:2022
5.17
COBIT 2019
DSS05
MAS TRM
9
BSI IT-Grundschutz
ORP.4
ANSSI
Hygiene.10, SecNumCloud.10.5
FINMA Circular 2023/1
IV.B.d(59)
OSFI B-13
B-13.3.2
EU GDPR
Art.32(1)(b)
EU DORA
Art.9(4)(c)
BIO2
5.17
RBI CSF
Annex1.8
FISC Security Guidelines
FISC.T2
HKMA TM-E-1
TME1.8.3
MLPS 2.0
8.1.4.1
EU CRA
CRA.I.2d
SAMA CSF
3.1
NCA ECC
2-2
UAE IA
T9
CBB TM
TM-6
Qatar NIA
AC
CBUAE
CR-4
CBE CSF
CTO-1
SA JS2
JS2-7.1, JS2-8.1
CBN CSF
Part3.2
BoG CISD
CISD-VIII
BoM CTRM
3.3
IOSCO Cyber Resilience
PROT-1
FFIEC IS
II.C.15
HIPAA Security Rule
§164.308(a)(5)(ii)(D), §164.312(d)
EBA ICT Guidelines
3.4.2
SEBI CSCRF
PR.AA
BOT Cyber Resilience
Ch2.2
CMMC 2.0
IA
Common Criteria
CC Part 2 — FIA
HITRUST CSF v11
01.c
FDA 21 CFR Part 11
§11.200(a)(1), §11.300(d)
FDA Cybersecurity Guidance
SA-1
ISO 17799 (legacy)
11.5.1
COBIT 4.1 (legacy)
None.