Controls

Terug naar overzicht
Version

SB.10.009 Password Monitoring

Logging & Monitoring
Medium
Medium
Medium
Organisation
v2.0 (Q1 2024)

Description

There is security monitoring on organisational credentials appearing in (publicized) data-breaches.

If there are indications of compromise of passwords, or risks that the credentials of individuals are compromised, passwords will be forcibly changed and the users informed.

Specification

Services such as "Have i been pwned" can be used to monitor for the appearance of organisational accounts in breaches.

Losing a device on which ongoing sessions may be active should also qualify as cause for password rotation.

Specification

ISO

NBA