IA-5.7: No Embedded Unencrypted Static Authenticators

Statement

• Ensure that unencrypted static authenticators are not embedded in applications or other forms of static storage.

  • • Guidance:

      In this context, prohibited static storage refers to any storage where unencrypted authenticators, such as passwords, persist beyond the time required to complete the access process.