Control Types and Categories

Password controls

Password Controls, as the name suggests, are controls related to passwords. There are several types of controls related to passwords that can be implemented in most systems. Password length, complexity, re-use, failed attempts, and notification, just to name a few, are controls commonly implemented to mitigate the risk of unauthorized individuals authenticating to systems utilizing active accounts for the purpose of exploiting an organization’s resources.

The following Password related controls are organized by Platform. You can also “Jump To” Control Types and Categories by clicking on the link located at the right of this screen.

The following are links to more detailed pages:

BOX

Showing 1 control:
Control TitleControl TypeRisk Rating
BOX – Shared Sensitive Files without password Password controls High

JD Edwards

Showing 3 controls:
Control TitleControl TypeRisk Rating
Monitor all accounts with passwords older than six months Password controls High
Monitor delivered and super user accounts not locked or changed passwords Password controls, System Hardening High
Monitor password configuration to be consistent with company policy Password controls High

Oracle EBS

Showing 3 controls:
Control TitleControl TypeRisk Rating
Monitor accounts with password configuration not consistent with policy Password controls High
Monitor password configuration Password controls High
Password hashing has been implemented on Oracle DBs Password controls High

PeopleSoft

Showing 4 controls:
Control TitleControl TypeRisk Rating
Monitor accounts whose password never expires Password controls High
Monitor accounts with high number of duplicate passwords Password controls Medium
Monitor all accounts with passwords older than six months Password controls High
Monitor failed login password configuration Password controls High

SAP

Showing 2 controls:
Control TitleControl TypeRisk Rating
Monitor accounts that cannot change their password Password controls Medium
Monitor all accounts for which password never expires Password controls Medium

SAP HANA

Showing 6 controls:
Control TitleControl TypeRisk Rating
Monitor accounts that cannot change their password Password controls Medium
Monitor all accounts for which password never expires Password controls Medium
Monitor and limit users with initial passwords that are active and unlocked IT General Controls, Password controls High
Monitor users that cannot change their passwords IT General Controls, Password controls Medium
Monitor users with no logins and no password changes IT General Controls, Password controls High
Monitor users with Passwords older than 6 months IT General Controls, Password controls High