4.4: Use Unique Passwords
=========================================================
Where multi-factor authentication is not supported (such as local administrator, root, or service accounts), accounts will use passwords that are unique to that system.

.. list-table::
	:header-rows: 1

	* - Asset Type
	  - Security Function
	  - Implementation Groups
	* - Users
	  - Protect
	  - 2, 3

Dependencies
------------
* None

Inputs
------
#. Password policy that includes requirement for unique passwords

Operations
----------
#. Verify that a password policy was provided and set M1 accordingly.
#. (Optional) Manually review the provided password policy. Determine if it includes a valid requirement for unique passwords and set M2 accordingly.

Measures
--------
* M1 = Boolean value indicating whether a password policy was provided; 1 if policy provided, 0 if not
* M2 = (From optional manual review) Binary value indicating whether the provided password policy includes a valid requirement for unique passwords; 1 if unique passwords required, 0 if not

Metrics
-------

Password Policy Existence
^^^^^^^^^^^^^^^^^^^^^^^^^
.. list-table::

	* - **Metric**
	  - | This metric indicates the existence of a password policy for the organization
	* - **Calculation**
	  - :code:`M1 == 1`

Policy Review
^^^^^^^^^^^^^
(Optional Manual Review) Pass if the organization's password policy includes a unique password requirement.

.. history
.. authors
.. license