NIST Security Rules

Regulated work often comes with an authentication standard attached. US FDA Title 21 CFR Part 11, and the security controls written into many defense and aerospace contracts, expect user accounts to follow published rules for how a password is chosen, how it is stored, and how long a login stays valid. PartsBox can enforce the rules in NIST Special Publication 800-63B at Authenticator Assurance Level 1 (AAL1).

What enforcement adds

An administrator turns this on for the organization, in the database settings. Once enabled, it applies to every member of that database:

  • Common-password screening. When someone sets or changes a password, PartsBox checks it against a list of the most common passwords and refuses a match. You choose how large that list is — the top 100 entries by default, up to the top 100,000.
  • Session lifetime limit. A login stays valid for at most 30 days. After that the user signs in again, whether or not the session was still active. This is the reauthentication limit AAL1 sets.

What every account already gets

Some of what NIST 800-63B asks for, PartsBox already does for every account, on every plan:

  • Password length. A password is between 8 and 512 characters. Long passphrases are allowed, with no forced symbol rules and no periodic expiry, matching current NIST guidance.
  • Unicode normalization. Passwords are normalized before hashing, so a passphrase authenticates the same way across different keyboards and devices.
  • Salted, hashed storage. A password is stored only as a salted bcrypt hash, never in a form anyone can read.
  • Lockout after repeated failures. Too many wrong passwords in a row lock the account for a short period, which stops password guessing.
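The rules in the two lists above, as an added Python example that is not PartsBox's own code: NFKC normalization before hashing, the 8 to 512 character limit, a top-N common-password blocklist, salted slow hashing, lockout after repeated failures and the 30-day session limit. scrypt stands in for bcrypt, the blocklist entries, lockout threshold (5) and duration (15 minutes) are constructed or assumed values, and the Account class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed stand-in for the top-N common-passwords list (100 by default, up to 100,000).
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou", "admin123"]
MIN_LEN, MAX_LEN = 8, 512                    # length rule described on the page
SESSION_LIFETIME = 30 * 24 * 3600            # AAL1 reauthentication limit, seconds
MAX_FAILURES, LOCKOUT_SECONDS = 5, 15 * 60   # assumed values; the page gives neither

def normalize(password):
    # NFKC so one passphrase hashes identically whatever keyboard produced it
    return unicodedata.normalize("NFKC", password)

def check_policy(password, blocklist_size=100):
    """Return a rejection reason, or None when the password is acceptable."""
    pw = normalize(password)
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        return "length must be between 8 and 512 characters"
    if pw in {normalize(p) for p in COMMON_PASSWORDS[:blocklist_size]}:
        return "password is on the common-password list"
    return None

def hash_password(password, salt=None):
    # Salted slow hash; scrypt stands in for bcrypt (stdlib). Only (salt, digest) is stored.
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(normalize(password).encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

class Account:
    def __init__(self, password):
        self.salt, self.digest = hash_password(password)
        self.failures, self.locked_until = 0, 0.0

    def login(self, password, now):
        if now < self.locked_until:
            return False                     # locked out: reject without checking
        _, digest = hash_password(password, self.salt)
        if hmac.compare_digest(digest, self.digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:    # repeated failures lock the account
            self.failures, self.locked_until = 0, now + LOCKOUT_SECONDS
        return False

def session_valid(login_time, now):
    # A login stays valid at most 30 days, active or not (AAL1 reauthentication)
    return now - login_time < SESSION_LIFETIME
```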

AAL1 is single-factor: a password, chosen and handled correctly, is enough. PartsBox does not add a second authentication factor. For the rest of a regulated setup, combine these rules with role-based access control, the audit trail, and lot control — see Title 21 CFR Part 11 for how the pieces fit together.

NIST SP 800-63B AAL1 enforcement is on the Compliance plan.
