2.2.2 and 2.7.1 are duplicates #1811

Open
jmanico opened this issue Dec 18, 2023 · 2 comments
Labels
4b Major-rework These issues need to be part of a full chapter rework V2 _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@jmanico
Member

jmanico commented Dec 18, 2023

2.2.2 [MODIFIED, SPLIT TO 2.2.12] Verify that restricted authenticators (those using PSTN to deliver OTPs via phone or SMS) are offered only when alternate stronger methods are also offered and when the service provides information on their security risks to users.
2.7.1 Verify that clear text out of band (NIST "restricted") authenticators, such as SMS or PSTN, are not offered by default, and stronger alternatives such as push notifications are offered first.

Suggest deleting 2.7.1

@elarlang elarlang added the V2 label Dec 18, 2023
@elarlang
Collaborator

@tghosth - do you agree that 2.7.1 is a duplicate of 2.2.2 and can be deleted?

@tghosth
Collaborator

tghosth commented Jan 24, 2024

This is another weird NIST artefact. I think we consider this in the V2 rework, but it seems likely we will need to do something drastic with this chapter.

@tghosth tghosth added 4b Major-rework These issues need to be part of a full chapter rework _5.0 - prep This needs to be addressed to prepare 5.0 labels Jan 24, 2024