IA-5 Authenticator Management

Control: Manage system authenticators (for example, tokens, PKI certificates, biometrics, passwords, key cards) by: (i) defining initial authenticator content; (ii) establishing administrative procedures for initial authenticator distribution, for lost, compromised, or damaged authenticators, and for revoking authenticators; and (iii) changing default authenticators upon system installation.

Illustrative Controls and TIBCO LogLogic Solution

Periodically changing user passwords is a widely adopted general security practice: it limits how long a compromised password remains usable, although it does not by itself keep intruders out of the IT infrastructure. A common practice is to require a password change every 30 to 90 days.

Administrators must identify and review all password change events to confirm that users are changing passwords at least every 90 days. For example, Windows platforms generate event ID 4723 (an attempt was made to change an account's password, typically a user changing their own) and event ID 4724 (an attempt was made to reset an account's password, typically an administrative reset). Both events are logged for failed attempts as well as successful ones, so only entries with a Success outcome should count as an actual password change.
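As an added example (not part of the TIBCO LogLogic documentation or product), the following Python script runs the 90-day check over a constructed sample of normalized Windows password-change events. The record layout, the account inventory, the account names and the timestamps are assumptions for illustration; a real deployment would pull these from the log collector and the directory.

```python
from datetime import datetime, timedelta

# Windows Security event IDs for password changes, as described in the text.
PASSWORD_CHANGE = 4723   # an attempt was made to change an account's password (user, own password)
PASSWORD_RESET = 4724    # an attempt was made to reset an account's password (administrator)

# Constructed sample records (not real logs), assumed to have been collected and
# normalized into (timestamp, event_id, target_account, subject_account, audit_outcome).
SAMPLE_EVENTS = [
    ("2024-01-10T08:15:00", 4723, "alice", "alice",     "Success"),
    ("2024-02-03T17:42:00", 4724, "bob",   "helpdesk1", "Success"),
    ("2024-03-20T09:01:00", 4723, "alice", "alice",     "Success"),
    ("2024-05-28T12:30:00", 4723, "carol", "carol",     "Success"),
    ("2024-06-15T12:30:00", 4723, "bob",   "bob",       "Failure"),  # wrong old password; not a change
    ("2024-06-20T10:00:00", 4624, "dave",  "dave",      "Success"),  # a logon, not a password event
]

# The account inventory to audit (assumed), including accounts that never appear in the log.
ALL_ACCOUNTS = ["alice", "bob", "carol", "dave"]


def last_password_change(events):
    """Return {target_account: ISO timestamp of the most recent successful 4723/4724}."""
    latest = {}
    for ts, event_id, target, _subject, outcome in events:
        # 4723/4724 are also logged on failure (e.g. wrong old password); only
        # a Success entry proves the password actually changed.
        if event_id not in (PASSWORD_CHANGE, PASSWORD_RESET) or outcome != "Success":
            continue
        # ISO-8601 timestamps in one fixed format compare correctly as strings.
        if target not in latest or ts > latest[target]:
            latest[target] = ts
    return latest


def stale_accounts(events, accounts, as_of, max_age_days=90):
    """Accounts whose password is older than max_age_days as of the given ISO date,
    or that show no successful change at all in the retained logs.
    Returns {account: last_change_timestamp_or_None}."""
    cutoff = datetime.fromisoformat(as_of) - timedelta(days=max_age_days)
    latest = last_password_change(events)
    stale = {}
    for account in accounts:
        last = latest.get(account)
        if last is None or datetime.fromisoformat(last) < cutoff:
            stale[account] = last
    return stale


if __name__ == "__main__":
    for account, last in sorted(stale_accounts(SAMPLE_EVENTS, ALL_ACCOUNTS, "2024-06-30").items()):
        print(f"{account}: last successful change {last or 'none in retained logs'}")
```

An account with no successful change in the retained logs is reported together with the overdue ones: either the change predates log retention, which the reviewer should confirm against the directory's password-last-set attribute, or the account has never rotated its password.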

All users (internal, external, and temporary) and their activity on IT systems (business applications, system operation, development, and maintenance) must be uniquely identifiable.

Ensuring that all users have uniquely identifiable IDs allows accurate and complete audit trails to be maintained. Deficiencies in this area significantly undermine accountability. For example, users logging in with a shared ID can modify healthcare records, and a later audit cannot then establish who modified the data.

To satisfy this requirement, administrators must ensure that every login is assigned a unique name and number for identifying and tracking user identity. Administrators must review the ID list to identify IDs that might be generic and establish who is using each one and why it exists. Administrators can also review the times and sources of logins to determine whether they overlap: if two logins for the same ID overlap in time and come from different sources, the ID is likely shared (or generic). Administrators must also validate that attempts to gain unauthorized access to healthcare reporting systems and subsystems are logged and followed up in a timely manner.
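The overlap test described above, as an added example that is not part of the original page or the LogLogic product: the Python script pairs Windows logon (event ID 4624) and logoff (event ID 4634) events by Logon ID to rebuild sessions, then flags any account with two sessions that overlap in time and originate from different source workstations. The event layout, account names, workstation names and Logon IDs are constructed sample data chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

LOGON = 4624    # an account was successfully logged on
LOGOFF = 4634   # an account was logged off; the Logon ID ties it to its 4624

# Constructed sample (not real logs): normalized Security events as a collector
# might return them, as (timestamp, event_id, account, logon_id, source_workstation).
SAMPLE_EVENTS = [
    ("2024-06-03T08:00", 4624, "alice",      "0x1A2B", "WS-101"),
    ("2024-06-03T08:30", 4624, "alice",      "0x1A3C", "WS-101"),    # second session, same host
    ("2024-06-03T09:00", 4634, "alice",      "0x1A2B", "WS-101"),
    ("2024-06-03T09:00", 4624, "svc_report", "0x2B10", "WS-101"),
    ("2024-06-03T09:00", 4624, "bob",        "0x3C01", "WS-150"),
    ("2024-06-03T10:00", 4634, "bob",        "0x3C01", "WS-150"),
    ("2024-06-03T10:00", 4624, "bob",        "0x3C02", "LAPTOP-22"), # back-to-back, not overlapping
    ("2024-06-03T10:00", 4634, "alice",      "0x1A3C", "WS-101"),
    ("2024-06-03T10:15", 4624, "svc_report", "0x2B11", "WS-207"),    # overlaps 0x2B10 from another host
    ("2024-06-03T11:00", 4634, "bob",        "0x3C02", "LAPTOP-22"),
    ("2024-06-03T11:30", 4634, "svc_report", "0x2B10", "WS-101"),
    ("2024-06-03T12:00", 4634, "svc_report", "0x2B11", "WS-207"),
]


def build_sessions(events):
    """Pair each 4624 with its 4634 by Logon ID.
    Returns {account: [(start, end, source)]}; a logon with no matching logoff
    is kept as still open (end=None)."""
    open_logons = {}
    sessions = defaultdict(list)
    for ts, event_id, account, logon_id, source in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == LOGON:
            open_logons[logon_id] = (account, when, source)
        elif event_id == LOGOFF and logon_id in open_logons:
            acct, start, src = open_logons.pop(logon_id)
            sessions[acct].append((start, when, src))
    for acct, start, src in open_logons.values():
        sessions[acct].append((start, None, src))
    return sessions


def overlapping(a, b):
    """Strict interval overlap; an open-ended session (end None) is treated as still running."""
    a_start, a_end, _ = a
    b_start, b_end, _ = b
    return (a_end is None or b_start < a_end) and (b_end is None or a_start < b_end)


def suspected_shared_ids(events):
    """Accounts with two sessions that overlap in time and come from different sources.
    Returns {account: [(source_a, source_b), ...]} for each flagged account."""
    flagged = {}
    for account, sess in build_sessions(events).items():
        sess.sort(key=lambda s: s[0])
        hits = []
        for i in range(len(sess)):
            for j in range(i + 1, len(sess)):
                # Two concurrent sessions on one workstation (e.g. a second console
                # or a tool re-authenticating) are normal; only different sources count.
                if sess[i][2] != sess[j][2] and overlapping(sess[i], sess[j]):
                    hits.append((sess[i][2], sess[j][2]))
        if hits:
            flagged[account] = hits
    return flagged


if __name__ == "__main__":
    for account, pairs in suspected_shared_ids(SAMPLE_EVENTS).items():
        print(f"{account}: concurrent sessions from {pairs} -> probable shared ID, investigate")
```

The check deliberately ignores sessions that overlap on the same workstation and sessions that merely touch (one ends at the instant the next begins), so that it reports only the pattern the text describes: the same ID in use from two places at once.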

Reports and Alerts

Use the following reference to see the IA-5 reports and alerts: IA-5.