Skip to content
ATO Pathways
  Log In

CCI-000195

The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Logo
18

Rule

Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Different Categories
Logo
13

Rule

Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Different Characters
Logo
12

Rule

Severity: Medium
Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class
Logo
12

Rule

Severity: Medium
Set Password Maximum Consecutive Repeating Characters
Logo
7

Rule

Severity: Medium
Ensure PAM Enforces Password Requirements - Enforce for root User
Logo
2

Rule

Severity: Medium
Set Password Strength Minimum Different Characters
Logo
1

Rule

Severity: Medium
AAA Services must be configured to require the change of at least eight of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
Logo
1

Rule

Severity: Medium
The application must require the change of at least 8 of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
If multifactor authentication is not supported and passwords must be used, the CA API Gateway must require that when a password is changed, the characters are changed in at least 8 of the positions within the password.
Logo
1

Rule

Severity: Low
The Central Log Server must be configured to require the change of at least 8 of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
2

Rule

Severity: Low
Forescout must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
1

Rule

Severity: Medium
The HYCU server must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
1

Rule

Severity: Medium
IBM zVM CA VM:Secure product PASSWORD user exit must be in use.
Logo
1

Rule

Severity: Medium
The Mainframe Product must require the change of at least 8 of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity.
Logo
1

Rule

Severity: Medium
The network device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
1

Rule

Severity: Medium
Nutanix AOS must require the change of at least 50 percent of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
Nutanix AOS must require the change of at least four character classes when passwords are changed.
Logo
1

Rule

Severity: Medium
Nutanix AOS must require the maximum number of repeating characters be limited to three when passwords are changed.
Logo
1

Rule

Severity: Medium
Nutanix AOS must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
Logo
1

Rule

Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged  using external identity providers for authentication and grouping to role-based assignments when possible.
Logo
2

Rule

Severity: Medium
The Riverbed NetProfiler must be configured to enforce a minimum 15-character password length.
Logo
1

Rule

Severity: Medium
Riverbed Optimization System (RiOS) must require that when a password is changed, the characters are changed in at least 15 of the positions within the password.
Logo
1

Rule

Severity: High
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
Logo
1

Rule

Severity: Medium
The UEM server must require the change of at least 15 of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
The password values must be set to meet the requirements in accordance with DoDI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND)).
Logo
3

Rule

Severity: Medium
Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.
Logo
3

Rule

Severity: Low
The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.
Logo
2

Rule

Severity: Medium
The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
3

Rule

Severity: Medium
The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
3

Rule

Severity: Medium
The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
1

Rule

Severity: Medium
The container platform must require the change of at least 15 of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
The HPE Nimble must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
2

Rule

Severity: Medium
Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters.
Logo
1

Rule

Severity: Medium
The operating system must require the change of at least 50% of the total number of characters when passwords are changed.
Logo
2

Rule

Severity: High
AIX must require the change of at least 50% of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
The CA-TSS NEWPW control options must be properly set.
Logo
1

Rule

Severity: Medium
ACF2 PSWD GSO record value must be set to require the change of at least 50% of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
IBM RACF exit ICHPWX01 must be installed and properly configured.
Logo
1

Rule

Severity: Medium
The ICS must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
2

Rule

Severity: Medium
The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
2

Rule

Severity: Medium
The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.
Logo
2

Rule

Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.
Logo
2

Rule

Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.
Logo
2

Rule

Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.
Logo
2

Rule

Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.
Logo
2

Rule

Severity: Medium
OL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
Logo
2

Rule

Severity: Medium
OL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
Logo
2

Rule

Severity: Medium
OL 8 must require the change of at least four character classes when passwords are changed.
Logo
1

Rule

Severity: Low
OL 8 must require the change of at least 8 characters when passwords are changed.
Logo
2

Rule

Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must require that when a password is changed, the characters are changed in at least 8 of the positions within the password.
Logo
2

Rule

Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.
Logo
1

Rule

Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.
Logo
2

Rule

Severity: Medium
RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 8 must require the change of at least four character classes when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 8 must require the change of at least 8 characters when passwords are changed.
Logo
2

Rule

Severity: Medium
The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 9 must enforce password complexity rules for the root account.
Logo
2

Rule

Severity: Medium
RHEL 9 must require the change of at least eight characters when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 9 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 9 must require the maximum number of repeating characters be limited to three when passwords are changed.
Logo
2

Rule

Severity: Medium
RHEL 9 must require the change of at least four character classes when passwords are changed.
Logo
2

Rule

Severity: Medium
The SUSE operating system must require the change of at least eight of the total number of characters when passwords are changed.
Logo
2

Rule

Severity: Medium
The system must require at least eight characters be changed between the old and new passwords during a password change.
Logo
1

Rule

Severity: Medium
The VMM must require the change of at least 8 of the total number of characters when passwords are changed.
Logo
5

Rule

Severity: Medium
Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters.
Logo
1

Rule

Severity: Medium
The ESXi host must be configured with a sufficiently complex password policy.
Logo
3

Rule

Severity: Medium
The ESXi host must enforce password complexity by configuring a password quality policy.
Logo
1

Rule

Severity: Medium
The Photon operating system must require that new passwords are at least four characters different from the old password.
Logo
3

Rule

Severity: Medium
The Photon operating system must require the change of at least eight characters when passwords are changed.
Logo
1

Rule

Severity: Medium
If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.
Logo
1

Rule

Severity: Medium
The application must require the change of at least eight of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed.
Logo
1

Rule

Severity: Medium
Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.
Logo
1

Rule

Severity: Medium
The F5 BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
Logo
1

Rule

Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
Logo
1

Rule

Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
Logo
1

Rule

Severity: Low
OL 8 must require the change of at least eight characters when passwords are changed.
Logo
1

Rule

Severity: Medium
SLEM 5 must require the change of at least eight of the total number of characters when passwords are changed.
Logo
1

Rule

Severity: Medium
The NSX Manager must require that when a password is changed, the characters are changed in at least eight of the positions within the password.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules