800-53|IA-6

Title

AUTHENTICATOR FEEDBACK

Description

The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Supplemental

The feedback from information systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of information systems or system components, for example, desktops/notebooks with relatively large monitors, the threat (often referred to as shoulder surfing) may be significant. For other types of systems or components, for example, mobile devices with 2-4 inch screens, this threat may be less significant, and may need to be balanced against the increased likelihood of typographic input errors due to the small keyboards. Therefore, the means for obscuring the authenticator feedback is selected accordingly. Obscuring the feedback of authentication information includes, for example, displaying asterisks when users type passwords into input devices, or displaying feedback for a very limited time before fully obscuring it.

Reference Item Details

Related: PE-18

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.3.6.12 Configure 'Interactive logon: Display user information when the session is locked' | Windows | CIS Windows 8 L1 v1.0.0
5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.9 L1 v1.3.0
5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.14 Do not enter a password-related hint | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.15 Do not enter a password-related hint | Unix | CIS Apple macOS 10.13 L1 v1.1.0
5.16 Do not enter a password-related hint | Unix | CIS Apple macOS 10.12 L1 v1.2.0
6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
6.1.2 Disable 'Show password hints' | Unix | CIS Apple OSX 10.10 Yosemite L1 v1.2.0
6.1.2 Disable 'Show password hints' - Show password hints | Unix | CIS Apple macOS 10.13 L1 v1.1.0
6.1.2 Disable 'Show password hints' - Show password hints | Unix | CIS Apple macOS 10.12 L1 v1.2.0
6.1.2 Disable "Show password hints" | Unix | CIS Apple OSX 10.9 L1 v1.3.0
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Disable Password Hints | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Obscure Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-171
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Disable Password Hints | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-171
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Obscure Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low
DB2X-00-004510 - Applications using the database must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | IBM_DB2DB | DISA STIG IBM DB2 v10.5 LUW v2r1 Database
DB2X-00-004520 - When using command-line tools such as db2, users must use a Connect method that does not expose the password. | IBM_DB2DB | DISA STIG IBM DB2 v10.5 LUW v2r1 Database
EP11-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r2