Capacity
CCI-000192
The information system enforces password complexity by the minimum number of upper case characters used.
19
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session
5
Rule
Severity: Medium
Configure PAMs passwd Module To Implement system-auth Substack When Changing Passwords
16
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters
7
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Enforce for root User
2
Rule
Severity: Medium
Set Password Strength Minimum Uppercase Characters
1
Rule
Severity: Medium
AAA Services must be configured to enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
If multifactor authentication is not supported and passwords must be used, the Akamai Luna Portal must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The application must enforce password complexity by requiring that at least one upper-case character be used.
2
Rule
Severity: Medium
DBMS authentication using passwords must be avoided.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The FortiGate device must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If multifactor authentication is not supported and passwords must be used, CounterACT must enforce password complexity by requiring that at least one upper-case character be used.
2
Rule
Severity: Medium
Forescout must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The HYCU server must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If multifactor authentication is not supported and passwords must be used, the DataPower Gateway must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
IBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol.
1
Rule
Severity: Medium
IBM Aspera Faspex must require password complexity features to be enabled.
1
Rule
Severity: Medium
IBM Aspera Shares must require password complexity features to be enabled.
1
Rule
Severity: Medium
The MQ Appliance network device must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
IBM zVM CA VM:Secure product PASSWORD user exit must be in use.
1
Rule
Severity: Medium
The Ivanti MobileIron Core server must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
MobileIron Sentry must enforce password complexity by requiring that at least one upper-case character be used.
2
Rule
Severity: Medium
The Manager Web app password must be configured as follows: -15 or more characters -at least one lower case letter -at least one upper case letter -at least one number -at least one special character
2
Rule
Severity: Medium
The Jamf Pro EMM local accounts must be configured with at least one uppercase character.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce password complexity by requiring that at least one upper-case character be used.
2
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one upper-case character be used.
1
Rule
Severity: Medium
The Mainframe Product must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity.
2
Rule
Severity: Medium
ONTAP must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The network device must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
Nutanix AOS must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
Oracle WebLogic must enforce password complexity by the number of upper-case characters used.
2
Rule
Severity: Medium
Prisma Cloud Compute local accounts must enforce strong password requirements.
2
Rule
Severity: Medium
The Riverbed NetProfiler must configure the local account password to "require mixed case".
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Low
Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one upper-case character be used.
2
Rule
Severity: Medium
The TippingPoint SMS must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The UEM server must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The password values must be set to meet the requirements in accordance with DoDI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND)).
3
Rule
Severity: Low
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
2
Rule
Severity: Medium
The macOS system must require passwords contain a minimum of one lowercase character and one uppercase character.
2
Rule
Severity: Medium
The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: Medium
The Cisco router must be configured to enforce password complexity by requiring that at least one upper-case character be used.
3
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The container platform must enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: High
If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: High
If DBMS authentication, using passwords, is employed, the DBMS must enforce the DoD standards for password complexity and lifetime.
1
Rule
Severity: Medium
The HPE Nimble must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The operating system must enforce password complexity by requiring that at least one upper-case character be used.
2
Rule
Severity: High
AIX must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The CA-TSS NEWPHRASE and PPSCHAR Control Options must be properly set.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require at least one upper-case character be used.
1
Rule
Severity: Medium
IBM RACF PASSWORD(RULEn) SETROPTS value(s) must be properly set.
1
Rule
Severity: Medium
The ICS must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If MarkLogic Server authentication using passwords is employed, MarkLogic Server must enforce the DoD standards for password complexity and lifetime.
1
Rule
Severity: High
If MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DoD standards for password complexity.
1
Rule
Severity: Medium
If MariaDB authentication using passwords is employed, MariaDB must enforce the DoD standards for password lifetime.
1
Rule
Severity: High
If DBMS authentication using passwords is employed, MongoDB must enforce the DoD standards for password complexity and lifetime.
1
Rule
Severity: High
If passwords are used for authentication, MongoDB must implement LDAP or Kerberos for authentication to enforce the DoD standards for password complexity and lifetime.
1
Rule
Severity: High
If DBMS authentication using passwords is employed, SQL Server must enforce the DoD standards for password complexity and lifetime.
2
Rule
Severity: Medium
Contained databases must use Windows principals.
6
Rule
Severity: Medium
The built-in Microsoft password complexity filter must be enabled.
2
Rule
Severity: Medium
Windows Server 2016 must have the built-in Windows password complexity policy enabled.
3
Rule
Severity: Medium
Windows Server 2019 must have the built-in Windows password complexity policy enabled.
3
Rule
Severity: Medium
Windows Server 2022 must have the built-in Windows password complexity policy enabled.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce minimum password length.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations.
2
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of upper-case characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of lower-case characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of numeric characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of special characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.
1
Rule
Severity: Medium
Procedures for establishing temporary passwords that meet DoD password requirements for new accounts must be defined, documented, and implemented.
1
Rule
Severity: Medium
The DBMS must enforce password maximum lifetime restrictions.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.
2
Rule
Severity: Low
OL 8 must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: High
If Database Management System (DBMS) authentication using passwords is employed, the DBMS must enforce the DoD standards for password complexity and lifetime.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
If DBMS authentication using passwords is employed, Redis Enterprise DBMS must enforce the DoD standards for password complexity and lifetime.
2
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.
2
Rule
Severity: Medium
RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one upper-case character.
2
Rule
Severity: Medium
RHEL 9 must ensure the password complexity module in the system-auth file is configured for three retries or less.
2
Rule
Severity: Medium
RHEL 9 must ensure the password complexity module is enabled in the password-auth file.
2
Rule
Severity: Medium
RHEL 9 must enforce password complexity rules for the root account.
2
Rule
Severity: Medium
RHEL 9 must enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one uppercase character.
2
Rule
Severity: Medium
The system must require passwords to contain at least one uppercase alphabetic character.
2
Rule
Severity: Low
Splunk Enterprise must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The VMM must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The ESXi host must be configured with a sufficiently complex password policy.
4
Rule
Severity: Medium
The vCenter Server passwords must contain at least one uppercase character.
3
Rule
Severity: Medium
The ESXi host must enforce password complexity by configuring a password quality policy.
4
Rule
Severity: Medium
The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used.
3
Rule
Severity: Medium
The Photon operating system must be configured to use the pam_pwquality.so module.
1
Rule
Severity: High
If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DoD standards for password complexity and lifetime.
1
Rule
Severity: Medium
If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Medium
The application must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce password complexity by requiring at least one uppercase character be used.
1
Rule
Severity: Medium
The Cisco router must be configured to enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Dragos Platform must configure local password policies.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
Sentry must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one uppercase character be used.
1
Rule
Severity: High
If MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DOD standards for password complexity.
1
Rule
Severity: Medium
If MariaDB authentication using passwords is employed, MariaDB must enforce the DOD standards for password lifetime.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
If MarkLogic Server authentication using passwords is employed, MarkLogic Server must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: High
If DBMS authentication using passwords is employed, SQL Server must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of uppercase characters used.
1
Rule
Severity: High
If Database Management System (DBMS) authentication using passwords is employed, the DBMS must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If DBMS authentication using passwords is employed, Redis Enterprise DBMS must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
SLEM 5 must enforce passwords that contain at least one uppercase character.
1
Rule
Severity: Low
Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The NSX Manager must enforce password complexity by requiring that at least one uppercase character be used for local accounts.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules