5.17 Authentication Information

Control

Allocation and management of authentication information should be controlled by a management process, including advising personnel on the appropriate handling of authentication information.

Purpose

To ensure that authentication of entities both internal and external are managed properly and to ensure that authentication failures are prevented.

Implementation Guidance

Authentication management is an important practice for an organisation. One of the most effective methods of information security breaches is the circumvention of the authentication process. Therefore, it is crucial that organisation considers aspects such as:

  • Non-guessable, unique password and personal identification numbers (PINs) generated automatically,
  • Procedures to identify and verify the temporary and permanent authentication methods
  • Authentication information is transferred to a secure location using a secure manner.
  • Dodgy authentication devices and methods to be removed from the system

It is beneficial for the organisation to record the details of authentication methods in a well-structured document. Identifying the responsibilities of the users and all relevant authentication methods.

ISO 27001

Find out more about our ISO 27001 Consultancy Services
ISO 27001 Consultancy
< Back to Controls
ISO 27001:2022

Organisational Controls

AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!

Got a question or need help? Don't hesitate to reach out to our team.

Need help with an ISO?

By filling out this form, you agree to the terms laid out in our privacy policy
Thanks, We'll reply asap
Request Failed to send, please check fields

27002:2022 Related Controls

CLick to view control
5.1 Policies for Information Security
5.2 Information Security Roles and Responsibilities
5.3 Segregation of Duties
5.4 Management Responsibilities
5.5 Contact with Authorities
5.6 Contact with Special Interest Groups
5.7 Threat Intelligence
5.8 Information Security in Project Management
5.9 Inventory of Information and Other Associated Assets
5.10 Acceptable use of Information and Other Associated Assets
5.11 Return of Assets
5.12 Classification of information
5.13 Labelling of Information
5.14 Information Transfer
5.15 Access Control
5.16 Identity Management
5.17 Authentication Information
5.18 Access Rights
5.19 Information Security in Supplier Relationships
5.20 Addressing Information Security Within Supplier Agreements
5.21 Managing Information Security in the ICT Supply Chain
5.22 Monitoring, Review and Change Management of Supplier Services
5.23 Information Security For The Use of Cloud Services
5.24 Information Security Incident Management Planning and Preparation
5.25 Assessment and Decision on Information Security Events
5.26 Response to IS Incidents
5.27 Learning from Information Security Incidents
5.28 Collection of Evidence
5.29 Information Security During Disruption
5.30 ICT Readiness for Business Continuity
5.31 Legal, Statutory, Regulatory and Contractual Requirements
5.32 Intellectual Property Rights
5.33 Protection of Records
5.34 Privacy and Protection of PII
5.35 Independent Review of Information Security
5.36 Compliance with Policies, Rules and Standards for Information Security
5.37 Documented Operating Procedures
ask a question

If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk

By filling out this form, you agree to the terms laid out in our privacy policy
Thank you!
Your submission has been received, one of our team members will be in touch soon.
Oops! Something went wrong while submitting the form.
ISO consultants kent
By clicking “Continue To Site”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
Continue To Site