[Info-vax] Enhanced Password Management
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Wed Mar 20 16:52:00 EDT 2019
On 2019-03-20 20:39:19 +0000, gezelter at rlgsc.com said:
> I agree with the new NIST guidance. Unfortunately, a significant number
> of auditors and corporate security staff do not seem to have "read the
> memo".
>
> For those faced with unpersuadable enforcement, the ability to comply
> is helpful. As the Borg collective said "Resistance is futile."

I usually ask for sign-off from senior management from the auditors and
explicit documentation of the rationale for divergence from US NIST
recommendations; on specifically why lesser security is being mandated.

Paperwork and paper paths and protective posterior padding for
problematic provider password paperwork, as per preferred practice.

And for similar reasons, this divergence from current recommendations
should be referenced in the VSI documentation.

--
Pure Personal Opinion | HoffmanLabs LLC