How CJIS Evolved Password Policy Requirements

The Criminal Justice Information Services (CJIS) is the largest division of the FBI. They’re a hub of state-of-the-art tools and services for law enforcement, national security community partners, and the general public. The CJIS Security Policy is regularly updated to evolving industry best practices. Their June 2019 update introduced a new policy option for passwords. This option made it easier …

stolen credentials

From Stolen Credentials to Full Network Compromise

How Hackers Are Actually Using Exposed Passwords to Infiltrate Active Directory Recent reports like the Verizon DBIR have noted that stolen credentials are often the foothold that attackers use to compromise networks and systems. A simple phishing or credential stuffing attack becomes the entry point for a much larger enterprise, like data theft, ransomware, or system hijacking. This is rather …

state of password security 451

Response Required

Why organizations need to react urgently to the state of password security, according to data from 451 Research In a recent brief titled “Love ‘em or Hate ‘em, Passwords Are Here to Stay,” 451 Research indicated that despite the stirrings of a passwordless revolution, the widespread use of passwords won’t be changing in the foreseeable future. The 451 brief points …

NIST password guidelines

A Brief Summary of NIST Password Guidelines

National Institute of Standards and Technology (NIST) has been substantially revising its password guidelines since 2017. Previous recommendations have been changed, including combining symbols, letters, and numeric to create complex passwords; changing passwords frequently; or requiring users to generate passwords of a specified length. The changes address findings from NIST related to the human factors that cause users to create …

Creating a NIST Password Policy for Active Directory https://www.enzoic.com/creating-a-nist-password-policy-for-active-directory/

Creating a NIST Password Policy for Active Directory

NIST recommends rejecting passwords used for online guessing attacks and also eliminating periodic password expiration- unless the password is compromised. While these requirements make sense given current cyber threats, they don’t precisely fit historic password policies. NIST has recommended new password policy guidelines for Active Directory that can help. So how can you easily implement a modern password policy? And …

Root Passwords

Root Passwords: The Root of Password Problems

The average online user has over 90 accounts between personal and work accounts that require a password. That is a daunting number of unique passwords to memorize. In an effort to remember their passwords, most users will select common “root” words with easily guessable variations. These root passwords become predictable passwords when one becomes compromised. Password Expiration Policies The situation …

Recommendations For HIPAA Password Compliance: https://www.enzoic.com/hipaa-password-compliance/

Recommendations For HIPAA Password Compliance

What is HIPAA Password Compliance and How Healthcare Organizations Can Comply with these Authentication Guidelines. HIPAA (Health Insurance Portability and Accountability Act) was introduced in 1996 but has become increasingly prominent in recent years due to the rise of data breaches in the industry. Data breaches have been on the rise across all industries in the past five years, but …

HITRUST & Password Policy: https://www.enzoic.com/hitrust-password/

HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST

Our recommended healthcare password policies that complement and support HITRUST. Since its founding in 2007, HITRUST (Health Information Trust Alliance) champions programs that safeguard sensitive information and manage information risk for global organizations across all industries. HITRUST works with privacy, information security, and risk management leaders from the public and private sectors, to develop common risk and compliance management frameworks, …

NIST 800-171: Change of Characters in Passwords

NIST 800-171: Change of Characters in Passwords

Cybersecurity risks are a concern for every business, including the Federal government. Until the introduction of NIST 800-171, there was not a consistent approach between government agencies on how data should be handled, safeguarded, and disposed of. This caused a myriad of headaches, including security concerns, when information needed to be shared. After several high profile incidents culminating in the …