SANS Whitepaper – Two-Factor Authentication: Can You Choose the Right One? 3.5 3.5.2 3.5.3 Identification and Authentication
This SANS whitepaper focuses on enterprise solutions for two-factor authentication.
SEARCH RESULTS
SANS Whitepaper – Vendor-Supplied Backdoor Passwords – A Continuing Vulnerability 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
This SANS whitepaper discusses vendor-supplied passwords that are embedded in software/hardware.
Schneier on Security – More on Two-Factor Authentication 3.5 3.5.2 3.5.3 Identification and Authentication
More on Two-Factor Authentication and it's ineffectivenss defense against identity theft.
State of Georgia – System Maintenance Policy 3.5 3.5.2 3.5.3 3.7 3.7.5 Identification and Authentication Maintenance
This example policy from the State of Georgia provides a starting point for system maintenance.
Symantec Whitepaper – Two-Factor Authentication 3.5 3.5.2 3.5.3 Identification and Authentication
This whitepaper is directed at IT, Security, and Compliance workers who are responsible for recommending or evaluating security products; or running and managing two-factor authentication infrastructure.
Texas A&M – Sample Identification and Authentication Policy 3.5 3.5.5 Identification and Authentication
This is an example of an identification and authentication policy for Texas A&M
Texas A&M Policy: Authenticator Feedback (IA-6) 3.5 3.5.11 Identification and Authentication
This example policy describes how information resources shall obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
Thales 3.5 3.5.2 3.5.3 Identification and Authentication
Gemalto's identity and access management (IAM) solutions allow organizations to meet the evolving needs around cloud applications and mobile devices.
Tufts University – Replay Attack Vulnerabilities and Mitigation Strategies 3.5 3.5.4 Identification and Authentication
This document provides a study of a unique class of attack and several methods attempting to prevent attacks of a kind.
US-CERT – Risks of Default Passwords on the Internet 3.5.7 3.5.8 3.5.9 csc4.2 Identification and Authentication
US-CERT alert that reviews the risk associated with default passwords on internet-connected systems.