27 CFR 73.12 - What security controls must I use for identification codes and passwords?

Status message

There is 1 rule appearing in the Federal Register for 27 CFR 73. View below or at eCFR (GPOAccess)
prev | next
§ 73.12 What security controls must I use for identification codes and passwords?
If you use electronic signatures based upon use of identification codes in combination with passwords, you must employ controls to ensure their security and integrity. These controls must include:
(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password;
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging);
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, or other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls;
(d) Using transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit and, as appropriate, to organizational management; and
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in any unauthorized manner.

Title 27 published on 2014-04-01

The following are only the Rules published in the Federal Register after the published date of Title 27.

For a complete list of all Rules, Proposed Rules, and Notices view the Rulemaking tab.

  • 2014-09-03; vol. 79 # 170 - Wednesday, September 3, 2014
    1. 79 FR 52198 - Electronic Submission of Forms, the Finished Products Records for Distilled Spirits Plants, and Closures on Certain Distilled Spirits Products; Correction
      GPO FDSys XML | Text
      DEPARTMENT OF THE TREASURY, Alcohol and Tobacco Tax and Trade Bureau
      Direct final rule; Treasury decision; Correction.
      Effective September 3, 2014.
      27 CFR Part 73

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code

Title 27 published on 2014-04-01

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 27 CFR 73 after this date.

  • 2014-09-03; vol. 79 # 170 - Wednesday, September 3, 2014
    1. 79 FR 52198 - Electronic Submission of Forms, the Finished Products Records for Distilled Spirits Plants, and Closures on Certain Distilled Spirits Products; Correction
      GPO FDSys XML | Text
      DEPARTMENT OF THE TREASURY, Alcohol and Tobacco Tax and Trade Bureau
      Direct final rule; Treasury decision; Correction.
      Effective September 3, 2014.
      27 CFR Part 73