CCI-000194

The information system enforces password complexity by the minimum number of numeric characters used.

6 rules found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

2 rules found Severity: Medium

2 rules found Severity: Low

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: Low

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

2 rules found Severity: Medium

3 rules found Severity: Medium

1 rule found Severity: High

CCI-000194

Ensure PAM Enforces Password Requirements - Minimum Digit Characters

Ensure PAM Enforces Password Requirements - Enforce for root User

Set Password Strength Minimum Digit Characters

Compliance Guardian must provide automated mechanisms for supporting account management functions.

If multifactor authentication is not supported and passwords must be used, the Akamai Luna Portal must enforce password complexity by requiring that at least one numeric character be used.

If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one numeric character be used.

The FortiGate device must enforce password complexity by requiring at least one numeric character be used.

CounterACT must enforce password complexity by requiring that at least one numeric character be used.

If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one numeric character be used.

The HYCU server must enforce password complexity by requiring that at least one uppercase character be used.

If multifactor authentication is not supported and passwords must be used, the DataPower Gateway must enforce password complexity by requiring that at least one numeric character be used.

IBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol.

IBM Aspera Faspex must require password complexity features to be enabled.

IBM Aspera Shares must require password complexity features to be enabled.

The MQ Appliance network device must enforce password complexity by requiring that at least one numeric character be used.

IBM zVM CA VM:Secure product PASSWORD user exit must be in use.

The Ivanti MobileIron Core server must enforce password complexity by requiring that at least one numeric character be used.

MobileIron Sentry must enforce password complexity by requiring that at least one numeric character be used.

If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity.

Nutanix AOS must enforce password complexity by requiring that at least one numeric character be used.

Oracle WebLogic must enforce password complexity by the number of numeric characters used.

Riverbed Optimization System (RiOS) must enforce password complexity by requiring that at least one numeric character be used.

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

The macOS system must enforce password complexity by requiring that at least one numeric character be used.

The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.

The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are assigned, the new password must contain at least one numeric character.

If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must enforce password complexity by requiring that at least one numeric character be used.

The Cisco ASA must be configured to enforce password complexity by requiring that at least one numeric character be used.

For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one digit be used.

The F5 BIG-IP appliance must enforce password complexity by requiring that at least one numeric character be used.

AIX must enforce password complexity by requiring that at least one numeric character be used.

The Jamf Pro EMM local accounts must be configured with at least one number.

Sentry must enforce password complexity by requiring that at least one numeric character be used.

The Juniper EX switch must be configured to enforce password complexity by requiring that at least one numeric character be used.

MKE must be configured to integrate with an Enterprise Identity Provider.

Windows Server 2016 must have the built-in Windows password complexity policy enabled.

ONTAP must enforce password complexity by requiring that at least one numeric character be used.

The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are assigned, the new password must contain at least one numeric character.

SLEM 5 must enforce passwords that contain at least one numeric character.

Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one numeric character be used.

Splunk Enterprise must be configured to enforce password complexity by requiring that at least one numeric character be used.

The TippingPoint SMS must enforce password complexity by requiring that at least one numeric character be used.

The macOS system must require passwords contain a minimum of one numeric character.

The application must enforce password complexity by requiring that at least one numeric character be used.

Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric character be used.

The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.

The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used.

The Dragos Platform must configure local password policies.

Forescout must enforce password complexity by requiring that at least one numeric character be used.

AOS must enforce password complexity by requiring that at least one numeric character be used.

The Juniper router must be configured to enforce password complexity by requiring that at least one numeric character be used.

For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one numeric character be used.

The built-in Microsoft password complexity filter must be enabled.

Windows Server 2019 must have the built-in Windows password complexity policy enabled.

Windows Server 2022 must have the built-in Windows password complexity policy enabled.

The DBMS must support organizational requirements to enforce password complexity by the number of numeric characters used.

Prisma Cloud Compute local accounts must enforce strong password requirements.

OL 8 must enforce password complexity by requiring that at least one numeric character be used.

OpenShift must use FIPS validated LDAP or OpenIDConnect.

If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one numeric character be used.

RHEL 8 must enforce password complexity by requiring that at least one numeric character be used.

RHEL 9 must enforce password complexity rules for the root account.

RHEL 9 must enforce password complexity by requiring that at least one numeric character be used.

The SUSE operating system must enforce passwords that contain at least one numeric character.

The system must require passwords to contain at least one numeric character.

The NSX Manager must enforce password complexity by requiring that at least one numeric character be used for local accounts.

The ESXi host must be configured with a sufficiently complex password policy.

The ESXi host must enforce password complexity by configuring a password quality policy.

The Photon operating system must enforce password complexity by requiring that at least one numeric character be used.

The vCenter Server passwords must contain at least one numeric character.

Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.