HITRUST & Password Policy: https://www.enzoic.com/hitrust-password/

HITRUST & PASSWORDS: 7 Important Password Policies for HITRUST

Our recommended healthcare password policies that complement and support HITRUST. Since its founding in 2007, HITRUST (Health Information Trust Alliance) has championed programs that safeguard sensitive information and manage information risk for global organizations across all industries. HITRUST works with privacy, information security, and risk management leaders from the public and private sectors to develop common risk and compliance management frameworks, …

NIST 800-171: Change of Characters in Passwords

Cybersecurity risks are a concern for every business, including the Federal government. Until the introduction of NIST 800-171, there was not a consistent approach between government agencies on how data should be handled, safeguarded, and disposed of. This caused a myriad of headaches, including security concerns, when information needed to be shared. After several high-profile incidents culminating in the …

NIST Password Requirements for 2020

3 Key Elements of the NIST Password Requirements for 2021

Reasons Why NIST Password Requirements Should Drive Your Password Strategy in 2021

Despite the doubters claiming that passwords will go the way of overhead projectors, they are still prevalent. They are still the backup factor for most other authentication solutions and show no sign of extinction because every organization has a password-supported infrastructure in place. Fortunately, the National Institute of …

NIST Privacy Framework

What the NIST Privacy Framework Means for Password Policy

Now Is the Time To Contribute Your Feedback on the NIST Privacy Framework

The National Institute of Standards and Technology (NIST) has recently released the preliminary draft of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. NIST is a non-regulatory agency and science lab that aims to promote innovation by advancing measurement science. In this …

Eliminating the Burden of Periodic Password Reset

The NIST 800-63b password guidelines include password policy changes that can improve everyone’s experience with passwords, including eliminating the forced periodic password reset. The most publicized recommendation is throwing away password complexity rules, and this recommendation is still hotly contested on many security forums. However, what really catches the attention of most Active Directory and system admins is the instruction …


NIST Special Publication 800-63 is Final

The big changes to NIST password recommendations we’ve been talking about are now official: NIST 800-63 is final. It’s important to know that this overhaul is about more than just passwords. It’s a full reworking of digital identity guidelines with a suite of new documents and a flexible approach to using them.

NIST compromised credentials

Looking Closer at NIST Password Guidelines for Checking Compromised Credentials

NIST suggests passwords should be screened against commonly-used, expected, or compromised passwords. This is intended to ensure passwords are not found in common cracking dictionaries that would make them easy to guess. These checks can occur at account creation and password reset. But then what? How do you know if they are still safe over time?