woodytrombone

joined 2 years ago

Almost as ~~bad~~ glorious as Breezewood, PA.

[–] woodytrombone@lemmy.dbzer0.com 1 points 3 months ago

Yep, that's dumb. SOC2 is built upon NIST guidance, not the other way around.

[–] woodytrombone@lemmy.dbzer0.com 3 points 3 months ago (2 children)

If you have any voice with your Security department, you can tell them that rotating passwords are counter to NIST SP 800-63B (Section 10.2.1) guidance:

Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.