The National Cybersecurity Center of Excellence, a part of The National Institute of Standards and Technology (NIST), recently published a draft version of the Privileged Account Management for the Financial Services Sector report with new guidelines aimed to increase the security of privileged accounts. Among those guidelines were password management practices, which included:
- PC.Am.B.3: Elevated privileges (e.g., administrator privileges) are limited and tightly controlled (e.g., assigned to individuals, not shared, and require stronger password controls).
- PC.Am.B.7: Access controls include password complexity and limits to password attempts and reuse.
Read more at: LastPass