Gitlab hero border pattern left svg Gitlab hero border pattern right svg

IAM.2.04 - Authentication Credential Maintenance

On this page

IAM.2.04 - Authentication Credential Maintenance

Control Statement

Authorized personnel verify the identity of users before modifying authentication credentials on their behalf.


Verifying the identity of users before making authentication changes prevents attackers from impersonating someone in order to gain access to their credentials.


This control applies to:



For the remediation of this control these are the steps that should be followed:

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Authentication Credential Maintenance issue

Policy Reference

Framework Mapping