+ORP.4.A13 Selection of Suitable Authentication Mechanisms [IT Operation Department] (S)

1. Overview

ORP.4.A13 Selection of Suitable Authentication Mechanisms [IT Operation Department] (S)

Identification and authentication mechanisms that meet the protection needs at hand SHOULD be used. Authentication data SHOULD be protected by IT systems and/or applications against espionage, modification, and destruction during processing. IT systems and applications SHOULD increasingly delay further authentication attempts after each unsuccessful attempt. It should be possible to limit the total duration of a login attempt. After the specified number of unsuccessful authentication attempts is exceeded, IT systems and applications SHOULD block the user ID in question.

Summary	Standard

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source	Requirement

3. Related Regulations

Regulations
Source	Regulation

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022