History
- Priority
- must
- Oct 2019
- Removed
- Following a rigorous review of the ability of passphrases used for single-factor authentication to withstand attack, security controls 0421 and 0422 were modified, 1426 was removed, and security controls 1557 and 1558 were added.
- Sep 2019
- When systems cannot be configured to enforce passphrase complexity and management practices, passphrases are checked by alternative means for compliance with passphrase policies.
- 2015
- When systems cannot be configured to enforce passphrase complexity requirements,passphrases must be checked by alternative means for compliance with passphrase policies.