https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
https://nvd.nist.gov/800-53/Rev4/control/IA-4
This special publication from NIST provides an overview of Identifier Management.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
This NIST Special Publication provides technical requirements for federal agencies implementing digital identity services.
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md
This cheat sheet from OWASP provides general authentication guidelines.
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials
This link discusses the process of testing web applications for default credentials.
https://access.redhat.com/solutions/68164
This documentation from Red Hat provides administrators with step-by-step instructions for configuring a lockout policy based on inactivity.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-directory_servers
This link provides more information about using directory services within Red Hat.
https://www.rsa.com/products/securid/
Secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blta5be14c7136a535f/5e9dde89db124263e8afce3d/password_construction_guidelines.pdf
This SANS guideline provides best practices for creating secure passwords.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt56ee6e15d78eb882/5e9ddf05d5a1cb709eee4a22/password_protection_policy.pdf
This is a sample password protection policy from SANS.