OpenControls Logo

STIG Viewer

NIST 800-53 Rev 5

424 controls available

My Controls0NIST 800-53 Catalog424Collections0
IA-6lowmoderatehigh

Authentication Feedback

Identification and Authentication

Control Statement

Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.

Discussion

Authentication feedback from systems does not provide information that would allow unauthorized individuals to compromise authentication mechanisms. For some types of systems, such as desktops or notebooks with relatively large monitors, the threat (referred to as shoulder surfing) may be significant. For other types of systems, such as mobile devices with small displays, the threat may be less significant and is balanced against the increased likelihood of typographic input errors due to small keyboards. Thus, the means for obscuring authentication feedback is selected accordingly. Obscuring authentication feedback includes displaying asterisks when users type passwords into input devices or displaying feedback for a very limited time before obscuring it.

Framework
NIST SP 800-53 Rev 5
Family
Identification and Authentication
Baselines
low, moderate, high

Related Frameworks

2 paths across 2 frameworks
NIST 800-1711 mapping
3.5.11
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000206
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

41 STIGs reach this control through 1 CCI. Expand a row to see the responsible NICE and O*NET roles.

Operating System — Desktop

4 STIGs
Apple macOS 14 (Sonoma) Security Technical Implementation Guide
22024-12-042 of 155 findings match
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
12025-05-052 of 161 findings match
Apple macOS 15 (Sequoia) Security Technical Implementation Guide
V1R72026-02-062 of 160 findings match
Apple macOS 26 (Tahoe) Security Technical Implementation Guide
V1R22026-02-112 of 160 findings match

Operating System — Server

2 STIGs
General Purpose Operating System Security Requirements Guide
32024-12-041 of 198 findings match
General Purpose Operating System Security Requirements Guide
V3R32025-09-221 of 203 findings match

Operating System — Mainframe

4 STIGs
IBM z/OS ACF2 Security Technical Implementation Guide
92025-06-243 of 226 findings match
IBM z/OS ACF2 Security Technical Implementation Guide
V9R82026-03-093 of 225 findings match
Mainframe Product Security Requirements Guide
32024-12-051 of 193 findings match
Mainframe Product Security Requirements Guide
V3R42025-09-101 of 194 findings match

Network Device

2 STIGs
Network Device Management Security Requirements Guide
V5R32025-02-111 of 104 findings match
Network Device Management Security Requirements Guide
V5R42025-09-101 of 105 findings match

Database

17 STIGs
EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide
V2R12024-08-272 of 118 findings match
IBM DB2 V10.5 LUW Security Technical Implementation Guide
V2R12023-06-112 of 93 findings match
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V1R12025-10-072 of 84 findings match
MS SQL Server 2016 Instance Security Technical Implementation Guide
32025-06-112 of 101 findings match
MS SQL Server 2016 Instance Security Technical Implementation Guide
V3R62025-12-082 of 84 findings match
Database Security Requirements Guide
42024-12-041 of 142 findings match
Database Security Requirements Guide
V4R52026-02-261 of 142 findings match
MariaDB Enterprise 10.x Security Technical Implementation Guide
22024-12-051 of 110 findings match
Show 9 more STIGs in this category →
MariaDB Enterprise 10.x Security Technical Implementation Guide
V2R52026-03-021 of 107 findings match
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
12025-05-301 of 80 findings match
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V1R42026-02-251 of 79 findings match
MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide
V1R12024-09-271 of 50 findings match
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
V1R12026-02-201 of 55 findings match
Oracle Database 19c Security Technical Implementation Guide
12025-06-241 of 96 findings match
Oracle Database 19c Security Technical Implementation Guide
V1R52026-02-251 of 96 findings match
Oracle MySQL 8.0 Security Technical Implementation Guide
V2R22024-09-041 of 100 findings match
Redis Enterprise 6.x Security Technical Implementation Guide
V2R22024-09-041 of 71 findings match

Web / Application Server

4 STIGs
Application Security and Development Security Technical Implementation Guide
62025-02-121 of 286 findings match
Application Security and Development Security Technical Implementation Guide
V6R42025-09-091 of 286 findings match
Application Server Security Requirements Guide
42025-02-111 of 128 findings match
Application Server Security Requirements Guide
V4R42025-09-101 of 137 findings match

Virtualization / Container

4 STIGs
Container Platform Security Requirements Guide
22025-05-151 of 187 findings match
Container Platform Security Requirements Guide
V2R42025-09-101 of 188 findings match
Virtual Machine Manager Security Requirements Guide
22024-12-061 of 193 findings match
Virtual Machine Manager Security Requirements Guide
V2R32025-09-101 of 198 findings match

Endpoint Security Management

4 STIGs
Central Log Server Security Requirements Guide
32024-12-041 of 125 findings match
Central Log Server Security Requirements Guide
V3R42026-02-121 of 127 findings match
Unified Endpoint Management Server Security Requirements Guide
22024-12-091 of 137 findings match
Unified Endpoint Management Server Security Requirements Guide
V2R42025-09-101 of 138 findings match