Credentials are provided to users via a secure communications channel or, if not possible, split into two parts with one part provided to users and the other part provided to supervisors.
Topic
Setting credentials for user accounts
Applicable to
all
History
Mar 2022
Credentials are provided to users via a secure communications channel or, if not possible, split into two parts with one part provided to users and the other part provided to supervisors.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Aug 2020
Passwords/passphrases are provided to users via a secure communications channel or, if not possible, split into parts with part being provided to the user and part provided to the user’s supervisor.
Security controls 1593, 1594 and 1595 were introduced to ensure that users provide sufficient evidence to verify their identity when collecting account credentials, that those credentials are provided to them in a secure manner and that they are changed upon first use.