https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175Br1.pdf
This NIST Special Publication is one part in a series of documents intended to provide guidance to the Federal Government for using cryptography to protect its sensitive, but unclassified digitized information during transmission and while in storage.
https://csrc.nist.gov/projects/cprt/catalog#/cprt/framework/version/SP_800_53_5_1_0/home?element=IA-2
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
https://nvd.nist.gov/800-53/Rev4/control/IA-4
This special publication from NIST provides an overview of Identifier Management.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
This NIST Special Publication provides technical requirements for federal agencies implementing digital identity services.
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md
This cheat sheet from OWASP provides general authentication guidelines.
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account
The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application.
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials
This link discusses the process of testing web applications for default credentials.
https://access.redhat.com/solutions/68164
This documentation from Red Hat, provides an administrator step by step instructions for configuring a lockout policy based on inactivity.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-directory_servers
This link provides more information about using directory services within RedHat.
https://www.rsa.com/products/securid/
Secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution.
