Prevent reuse of identifiers for a defined period.
Disable identifiers after a defined period of inactivity.
Enforce a minimum password complexity and change of characters when new passwords are created.
Prohibit password reuse for a specified number of generations.
Allow temporary password use for system logons with an immediate change to a permanent password.
Store and transmit only cryptographically protected passwords.
Obscure feedback of authentication information.
Identify and authenticate systems and system components, where possible, before establishing a network connection using bidirectional authentication that is cryptographically based and replay resistant.
Employ automated or manual/procedural mechanisms to prohibit system components from connecting to organizational systems unless the components are known, authenticated, in a properly configured state, or in a trust profile.
Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities.