ISO 27001

ISO 27001 A.8.5: Secure Authentication Explained

Implement secure authentication technologies and procedures commensurate with information access restrictions and the access control policy.

OFFICIAL REFERENCE (PARAPHRASED)

Secure authentication technologies and procedures shall be implemented based on information access restrictions and the topic-specific policy on access control. (ISO/IEC 27001:2022 Annex A.8.5)

Last reviewed: June 2026. Not legal or audit advice.

WHAT EVIDENCE SATISFIES THIS

  • MFA enforcement configuration
  • Password and authentication standard
  • Authentication failure lockout settings
  • Privileged access authentication requirements

Cross-framework overlap

This control requirement also appears in:
