Your company may have specific guidance on how to set up a password manager. Verify this with your IT and compliance teams.
HERE'S WHY
Passwords are a critical part of security. Proper creation, storage, and sharing of passwords are made easier with password managers.
Below is a list of possible password managers your company may be using. Be sure to ask your IT Director or Manager which password manager is approved by your company. This should be stated in the company's Password Policy stored in Drata.
Password Managers:
If you use a password manager that Drata does not recognize, your Drata administrator can contact the Drata team to request an evaluation for adding it to the approved list.
HERE'S HOW
Download and install your company's approved password manager. It might already be installed on your workstation if your company is using an MDM tool (Kandji, Jamf, etc.). If you are using the Drata Agent, it will automatically report your compliance status to Drata.
Make sure that proper preferences are set for your password manager:
Set a strong unlock password
Auto-lock after 5 minutes of inactivity
Auto-lock at sleep
macOS Native Password Manager
Currently, we do not scan and monitor the Mac OS native Password manager, because MacOS does not provide a straightforward method to determine if the native Password manager is being actively used, which poses challenges for ensuring compliance and proper security monitoring.