- You MUST NOT write passwords on paper
- You MUST use an encrypted password database
- You MUST NOT use biometric encryption
- You MUST use 2FA with a token wherever possible
- You MUST save backup tokens encrypted
- You MUST save passwords in the password database
- Passwords MUST be randomly generated, MUST contain numbers, letters and special characters, and MUST be at least 24 characters long
- You MUST encrypt all passwords which are used for configuration with ansible-vault or similar tools
- You MUST encrypt your hardware devices
- You MUST NOT use password authentication for SSH
- You MUST use key authentication for SSH
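
The two SSH rules can be checked against a server's `sshd_config`. The following is an added example, not part of the original policy: it parses the file the way sshd reads it (the first value per keyword wins, `Match` blocks can override globals) and reports deviations. It assumes OpenSSH defaults for absent keywords, does not follow `Include` files, and does not cover keyboard-interactive authentication; the function names and sample config are constructed for illustration.

```python
import re

# Values OpenSSH's sshd applies when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes"}

# Constructed sample, not a real host's configuration.
SAMPLE = """\
PasswordAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes

Match User backup
    PasswordAuthentication yes
"""

def parse_sshd_config(text):
    """Return (global_settings, match_blocks); first value per keyword wins."""
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = {}  # following lines belong to this Match block
            match_blocks.append((value, current))
        else:
            current.setdefault(keyword, value)  # sshd ignores later duplicates
    return global_settings, match_blocks

def audit(text):
    """List every place where the config deviates from the two SSH rules."""
    global_settings, match_blocks = parse_sshd_config(text)
    findings = []
    for keyword, wanted in REQUIRED.items():
        effective = global_settings.get(keyword, DEFAULTS[keyword])
        if effective != wanted:
            findings.append(f"global: {keyword} is {effective}, policy requires {wanted}")
        for condition, settings in match_blocks:
            if keyword in settings and settings[keyword] != wanted:
                findings.append(f"Match {condition}: {keyword} is {settings[keyword]}, policy requires {wanted}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty or missing `PasswordAuthentication` line is reported as a finding, because sshd allows password logins by default.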