Auditing Authentication

AuditScripts 5 Crucial Questions (v2.2)

These materials are considered sensitive and confidential materials and may not be used
for any purpose other than the organization’s own internal use. This material may not
otherwise be shared, used, reproduced, or disseminated outside of the organization in any
way without prior written permission.

AUDITING AUTHENTICATION 1
© ENCLAVE SECURITY 2017
Standards References

CIS Critical Controls (v6.1): 1, 3, 5, 11, 12, 13, 14, 16
NERC CIP (v5): Not Applicable
NIST 800 Series: NIST SP 800-63, NIST SP 800-73, NIST SP 800-76, NIST SP 800-118, NIST SP 800-120
NIST 800-53 (rev4): AC-7 through AC-14
COBIT 5: APO13, DSS05
ISO 27000:2013: 11.1 through 11.3
NIST Cybersecurity Framework: PR.AC-1
IIA GTAGs: Not Applicable
PCI DSS (v3.1): 2, 3, 4, 6
HIPAA / HITECH: HIPAA 164.308(a)(1), HIPAA 164.312(a)(4), HIPAA 164.312(c)(1), HIPAA 164.312(d)
Other Standards: All current FIPS Publications (especially FIPS 140-2)

Purpose:

Organizations audit their information security stance to protect the confidentiality, integrity, and availability of their information systems. Auditing and assessment allow an organization to validate their compliance with the standards they have set for themselves and to measure the levels of risk they are currently accepting.

AuditScripts has created the "5 Crucial Questions" series of audit checklists to provide auditors with a list of the five most important questions to ask when auditing a specific scope. Heavily influenced by the 20 Critical Security Controls project, these questions should serve as the starting point for any assessment.

5 Crucial Questions to Ask:

When performing an audit of an organization's authentication systems, auditors should consider at a minimum asking the following questions:

1. Are clear-text authentication methods ever utilized in the organization?
2. Does the organization have a well-defined password standard for using passwords with lower sensitivity systems?
3. Is authentication performed at multiple layers (operating system, network, encryption, etc.)?
4. Does the organization utilize two-factor authentication for access to sensitive resources and systems?
5. Does the organization log all authentication events for both successful and unsuccessful attempts to authenticate?

© AuditScripts.com & Enclave Security, LLC under a Creative Commons Attribution-NonCommercial 3.0 Unported (CC BY-NC 3.0) License.
http://creativecommons.org/licenses/by-nc/3.0/deed.en_US.
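Question 5 asks whether both successful and unsuccessful authentication attempts are logged. The script below is an added example of the kind of evidence check an auditor can run against that question; it is not part of the AuditScripts checklist. It assumes OpenSSH sshd messages in their default syslog layout ("Accepted publickey for ..." / "Failed password for ..."), parses a constructed sample rather than a captured log, confirms that both outcomes actually appear, tallies attempts per account and per method, and lists sources that reached a failure threshold (the threshold value and the names `parse_auth_log`, `summarize` and `audit_sample` are this example's own choices). The per-method breakdown of successful logins is a by-product that an auditor can also set against questions 1 and 4.

```python
"""Summarise authentication events from OpenSSH-style auth log lines.

Added example for reviewing checklist question 5 (are both successful and
unsuccessful authentication attempts logged?). Not part of the AuditScripts
checklist; the log lines below are constructed, not captured from a system.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Matches the two sshd message shapes this example understands, e.g.
#   "Accepted publickey for alice from 10.0.0.5 port 51234 ssh2"
#   "Failed password for invalid user admin from 203.0.113.9 port 40000 ssh2"
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass(frozen=True)
class AuthEvent:
    outcome: str   # "Accepted" or "Failed"
    method: str    # "password", "publickey", ...
    user: str
    src: str


def parse_auth_log(lines):
    """Return an AuthEvent for each line the regex recognises; other lines are skipped."""
    events = []
    for line in lines:
        m = SSHD_RE.search(line)
        if m:
            events.append(AuthEvent(**m.groupdict()))
    return events


def summarize(events, failure_threshold=3):
    """Build the figures an auditor wants for question 5.

    Returns a dict with:
      both_outcomes_logged: True only if at least one success AND one failure
                            appear, i.e. the log is not silently one-sided
      by_user:   {user: {"Accepted": n, "Failed": n}}
      by_method: authentication methods seen on successful logins
      noisy_sources: sources with >= failure_threshold failed attempts
    """
    outcomes = Counter(e.outcome for e in events)
    by_user = defaultdict(lambda: {"Accepted": 0, "Failed": 0})
    for e in events:
        by_user[e.user][e.outcome] += 1
    by_method = Counter(e.method for e in events if e.outcome == "Accepted")
    failures_by_src = Counter(e.src for e in events if e.outcome == "Failed")
    noisy = sorted(s for s, n in failures_by_src.items() if n >= failure_threshold)
    return {
        "both_outcomes_logged": outcomes["Accepted"] > 0 and outcomes["Failed"] > 0,
        "by_user": dict(by_user),
        "by_method": dict(by_method),
        "noisy_sources": noisy,
    }


# Constructed sample in the syslog layout sshd uses by default; the last line
# is a non-authentication message that the parser must ignore.
SAMPLE_LOG = """\
Mar  3 08:01:11 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:abc
Mar  3 08:02:40 host1 sshd[1210]: Failed password for invalid user admin from 203.0.113.9 port 40000 ssh2
Mar  3 08:02:43 host1 sshd[1210]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar  3 08:02:47 host1 sshd[1212]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar  3 08:05:02 host1 sshd[1220]: Accepted password for bob from 10.0.0.7 port 51300 ssh2
Mar  3 08:05:30 host1 sshd[1225]: Failed password for bob from 10.0.0.7 port 51301 ssh2
Mar  3 08:06:00 host1 CRON[1230]: pam_unix(cron:session): session opened for user root
"""


def audit_sample():
    """Run the full check over the constructed sample and return the report dict."""
    return summarize(parse_auth_log(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    report = audit_sample()
    print("Both outcomes logged:", report["both_outcomes_logged"])
    for user, counts in sorted(report["by_user"].items()):
        print(f"{user:8} accepted={counts['Accepted']} failed={counts['Failed']}")
    print("Methods on successful logins:", report["by_method"])
    print("Sources at/above failure threshold:", report["noisy_sources"])
```

On a real system the same functions would be fed the contents of /var/log/auth.log or the journal's sshd output; a report in which `both_outcomes_logged` is false is the auditor's cue that one class of event is not being recorded or not being retained.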
