RFC 3871           Operational Security Requirements      September 2004
2.11.11.  Logs Do Not Contain Passwords
   Requirement.
      Passwords SHOULD be excluded from all audit records, including
      records of successful or failed authentication attempts.
   Justification.
      Access control and authorization requirements differ for
      accounting records (logs) and authorization databases (passwords).
      Logging passwords may grant unauthorized access to individuals
      with access to the logs.  Logging failed passwords may give hints
      about actual passwords.  See section 4.5.4.4 of [RFC2196].
   Examples.
      A user may make small mistakes in entering a password such as
      using incorrect capitalization ("my password" vs. "My Password").
      If the failed attempt is recorded verbatim, anyone who can read
      the log learns a near-miss of the real password.
   Warnings.
      There may be situations where it is appropriate/required to log
      passwords.
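   The following Python is an added illustration, not text or code
   from RFC 3871, showing one way a device's logging path can meet this
   requirement: an audit-record builder that refuses credential-named
   fields, and a scrubber that redacts password values from free-text
   log lines before they are stored.  The function names, the key list
   and the sample log lines are constructed assumptions for the example.

```python
"""Audit logging that never records the submitted credential.

Added example for RFC 3871 section 2.11.11; not the RFC's own code.
audit_record, scrub_log_line, scrub_all and SAMPLE_LINES are illustrative
assumptions, and the log lines below are constructed, not captured.
"""
import re

# Field names treated as credentials: an audit record must never carry them.
PASSWORD_KEYS = {"password", "passwd", "pwd", "pass"}


def audit_record(user, success, source, extra=None):
    """Build an audit record for one authentication attempt.

    Only the user, outcome and source are recorded.  Any extra field whose
    name looks like a password is rejected, so a careless caller cannot
    log the credential by accident.  Returns a dict ready to serialise.
    """
    extra = dict(extra or {})
    leaked = sorted(k for k in extra if k.lower() in PASSWORD_KEYS)
    if leaked:
        raise ValueError(f"refusing to log credential fields: {leaked}")
    record = {
        "event": "auth",
        "user": user,
        "result": "success" if success else "failure",
        "source": source,
    }
    record.update(extra)
    return record


# key=value or key: value, where the key is a password-like name and the
# value is either a double-quoted string (may contain spaces) or a token.
_PW_KV_RE = re.compile(
    r'(?i)\b(password|passwd|pwd|pass)(\s*[=:]\s*)("[^"]*"|\S+)'
)


def scrub_log_line(line):
    """Replace the value of any password-like key with [REDACTED].

    The key and its separator are preserved so the line stays parseable;
    only the secret value is removed.  Lines without such a key are
    returned unchanged.
    """
    return _PW_KV_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", line)


def scrub_all(lines):
    """Scrub a sequence of log lines, returning a new list."""
    return [scrub_log_line(line) for line in lines]


# Constructed sample lines (192.0.2.0/24 is the documentation range).
SAMPLE_LINES = [
    'Jan 01 12:00:00 rtr1 login: FAILED user=alice password="my password" from 192.0.2.10',
    'Jan 01 12:00:05 rtr1 login: OK user=alice from 192.0.2.10',
    'Jan 01 12:00:09 rtr1 tacacs: request user=bob passwd=hunter2 result=fail',
]


if __name__ == "__main__":
    for line in scrub_all(SAMPLE_LINES):
        print(line)
    print(audit_record("alice", False, "192.0.2.10"))
```

   The scrubber is a backstop for text that reaches the log from other
   components; the audit_record check is the primary control, because
   redaction after the fact cannot recover a password that has already
   been written to a remote syslog collector.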
2.12.  Authentication, Authorization, and Accounting (AAA) Requirements
2.12.1.  Authenticate All User Access
   Requirement.
      The device MUST provide a facility to perform authentication of
      all user access to the system.
   Justification.
      This functionality is required so that access to the system can be
      restricted to authorized personnel.
   Examples.
      This requirement MAY be satisfied by implementing a centralized
      authentication system.  See Section 2.12.5.  It MAY also be
      satisfied using local authentication.  See Section 2.12.6.
   Warnings.
      None.
Jones                        Informational                     [Page 55]