SPA Objectives - Password Manager

From Cooey Wiki
Revision as of 19:51, 9 September 2025 by Liatris (talk | contribs) (Created page in draft form)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

When is a Password Manager an SPA?

When a password manager is organizationally managed or provisioned for use within the scope of the CUI information system then the password manager should be scoped as an SPA.

When users choose to use a password manager (such as one built-in to their browser on their in-scope computers), then these are not considered an SPA, since the protection of the password is the responsibility of the user, not the organization.

Assessment Objectives to Assess

IA.L2-3.5.10 - CRYPTOGRAPHICALLY-PROTECTED PASSWORDS

SC.L2-3.13.10 - KEY MANAGEMENT

Retrieved from "https://cooey.wiki/index.php?title=SPA_Objectives_-_Password_Manager&oldid=143"