[cabf_netsec] Passwords
Tim Hollebeek
tim.hollebeek at digicert.com
Tue Feb 27 14:57:58 MST 2018
As stated on the previous call, I probably will not be able to attend this
week's call, as I am at another standards meeting.

However, attached please find a version of our latest draft that only has
the MFA/password changes. Please double-check it and comment on what
additional work (if any) is necessary before it gets turned into a ballot.

I did add an item that we haven't discussed previously: recommending that
password policies follow the guidance of NIST 800-63B Appendix A (mostly
intended to guide people away from misguided complexity requirements), and a
requirement that password replacement policies be at least two years, to
prevent people from doing stupid things because of overly frequent
rotations.

-Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CABForum_Network_Security_Controls-2018-02-16-Tim-Passwords.doc
Type: application/msword
Size: 119296 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/netsec/attachments/20180227/7f45ecf2/attachment-0001.doc>