U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

    Publications

NIST SP 800-118 (Initial Public Draft)

Guide to Enterprise Password Management

Date Published: April 2009
Comments Due: May 29, 2009 (public comment period is CLOSED)
Email Questions to: 800-118comments@nist.gov

Planning Note (04/01/2016):

This draft publication has been retired.


Author(s)

Karen Scarfone (Scarfone Cybersecurity), Murugiah Souppaya (NIST)

Announcement

NIST announces that Draft Special Publication (SP) 800-118, Guide to Enterprise Password Management, has been released for public comment. SP 800-118 is intended to help organizations understand and mitigate common threats against their character-based passwords. The guide focuses on topics such as defining password policy requirements and selecting centralized and local password management solutions.
 
The public comment period closed on May 29, 2009.

Abstract

Keywords

authentication; enterprise systems; password management; security
Control Families

Identification and Authentication; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity

Documentation

Publication:
Draft SP 800-118 (pdf)

Supplemental Material:
None available

Document History:
04/21/09: SP 800-118 (Draft)