Skip to content
Log In

CCI-000196

The information system, for password-based authentication, stores only cryptographically-protected passwords.

Set PAM''s Password Hashing Algorithm

27 rules found Severity: Medium

Logo

Verify No netrc Files Exist

31 rules found Severity: Medium

Logo

Ensure system-auth and password-auth files are symbolic links pointing to system-auth-local and password-auth-local

4 rules found Severity: Medium

Logo

Set Password Hashing Algorithm in /etc/libuser.conf

4 rules found Severity: Medium

Logo

Set Password Hashing Algorithm in /etc/login.defs

5 rules found Severity: Medium

Logo

Set PAM''s Password Hashing Algorithm - password-auth

5 rules found Severity: Medium

Logo

Set number of Password Hashing Rounds - password-auth

5 rules found Severity: Medium

Logo

Set number of Password Hashing Rounds - system-auth

4 rules found Severity: Medium

Logo

Set Password Hashing Rounds in /etc/login.defs

1 rule found Severity: Medium

Logo

Verify All Account Password Hashes are Shadowed with SHA512

1 rule found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

CA VM:Secure product Password Encryption (PEF) option must be properly configured to store and transmit cryptographically-protected passwords.

1 rule found Severity: High

Logo

The Apache Tomcat Manager Web app password must be cryptographically hashed with a DoD approved algorithm.

1 rule found Severity: Medium

Logo

Nutanix AOS must store only encrypted representations of passwords.

1 rule found Severity: High

Logo

The Ubuntu operating system must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

1 rule found Severity: Medium

Logo

If passwords are used for authentication, MongoDB must store only hashed, salted representations of passwords.

3 rules found Severity: High

Logo

The DBMS must support organizational requirements to enforce password encryption for storage.

1 rule found Severity: Medium

Logo

If passwords are used for authentication, PostgreSQL must store only hashed, salted representations of passwords.

3 rules found Severity: High

Logo

The Red Hat Enterprise Linux operating system must be configured so that the PAM system service is configured to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility.

1 rule found Severity: Medium

Logo

If passwords are used for authentication, the EDB Postgres Advanced Server must store only hashed, salted representations of passwords.

2 rules found Severity: High

Logo

The BIG-IP appliance must only store encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Ubuntu operating system must prohibit password reuse for a minimum of five generations.

1 rule found Severity: Low

Logo

For accounts using password or PINs for authentication, the Enterprise Voice, Video, and Messaging Endpoint must store only cryptographic representations of passwords.

1 rule found Severity: Medium

Logo

When using locally stored user accounts, the Enterprise Voice, Video, and Messaging Session Manager must store only cryptographic representations of passwords.

1 rule found Severity: Medium

Logo

If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords.

1 rule found Severity: High

Logo

The WebSphere Liberty Server must store only encrypted representations of user passwords.

1 rule found Severity: High

Logo

The AIX system must have no .netrc files on the system.

1 rule found Severity: High

Logo

A unique database name and a unique MySQL user with a secure password must be created for use in Jamf Pro EMM.

1 rule found Severity: Medium

Logo

The Juniper EX switch must be configured to only store cryptographic representations of passwords.

1 rule found Severity: High

Logo

The JBoss Password Vault must be used for storing passwords or other sensitive configuration information.

1 rule found Severity: Medium

Logo

JBoss KeyStore and Truststore passwords must not be stored in clear text.

1 rule found Severity: Medium

Logo

Secrets in Kubernetes must not be stored as environment variables.

1 rule found Severity: High

Logo

Swarm Secrets or Kubernetes Secrets must be used.

1 rule found Severity: Medium

Logo

Reversible password encryption must be disabled.

4 rules found Severity: High

Logo

The system must be configured to prevent the storage of the LAN Manager hash of passwords.

4 rules found Severity: High

Logo

Windows Server 2016 reversible password encryption must be disabled.

1 rule found Severity: High

Logo

Windows Server 2016 must be configured to prevent the storage of the LAN Manager hash of passwords.

1 rule found Severity: High

Logo

The Oracle Linux operating system must be configured so that the PAM system service is configured to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must be configured to use the shadow file to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must be configured to prevent overwriting of custom authentication configuration settings by the authconfig utility.

1 rule found Severity: Medium

Logo

If passwords are used for authentication, the MySQL Database Server 8.0 must store only hashed, salted representations of passwords.

1 rule found Severity: Medium

Logo

The Riverbed NetProfiler must be configured to implement cryptographic mechanisms using a FIPS 140-2/140-3 validated algorithm to protect the confidentiality and integrity of all cryptographic functions.

1 rule found Severity: High

Logo

If passwords are used for authentication, Redis Enterprise DBMS must store only hashed, salted representations of passwords.

1 rule found Severity: Medium

Logo

SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.

1 rule found Severity: Medium

Logo

SLEM 5 must employ FIPS 140-2/140-3-approved cryptographic hashing algorithms for system authentication.

1 rule found Severity: High

Logo

SLEM 5 shadow password suite must be configured to use a sufficient number of hashing rounds.

1 rule found Severity: High

Logo

The application must only store cryptographic representations of passwords.

1 rule found Severity: High

Logo

Ubuntu 22.04 LTS must store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The Cisco switch must only store cryptographic representations of passwords.

1 rule found Severity: High

Logo

The Cisco router must only store cryptographic representations of passwords.

1 rule found Severity: High

Logo

If passwords are used for authentication, MariaDB must store only hashed, salted representations of passwords.

1 rule found Severity: High

Logo

Windows Server 2019 reversible password encryption must be disabled.

1 rule found Severity: High

Logo

Windows Server 2019 must be configured to prevent the storage of the LAN Manager hash of passwords.

1 rule found Severity: High

Logo

Windows Server 2022 reversible password encryption must be disabled.

1 rule found Severity: High

Logo

The DBMS must support organizational requirements to enforce password encryption for storage.

1 rule found Severity: High

Logo

Windows Server 2022 must be configured to prevent the storage of the LAN Manager hash of passwords.

1 rule found Severity: High

Logo

OL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

1 rule found Severity: Medium

Logo

OL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.

1 rule found Severity: Medium

Logo

The OL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.

1 rule found Severity: Medium

Logo

Rancher RKE2 must store only cryptographic representations of passwords.

1 rule found Severity: Medium

Logo

OpenShift must use FIPS validated LDAP or OpenIDConnect.

1 rule found Severity: High

Logo

RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.

1 rule found Severity: Medium

Logo

RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.

1 rule found Severity: Medium

Logo

The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.

1 rule found Severity: Medium

Logo

RHEL 9 password-auth must be configured to use a sufficient number of hashing rounds.

1 rule found Severity: Medium

Logo

RHEL 9 system-auth must be configured to use a sufficient number of hashing rounds.

1 rule found Severity: Medium

Logo

RHEL 9 must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

RHEL 9 must be configured to use the shadow file to store only encrypted representations of passwords.

1 rule found Severity: Medium

Logo

The SUSE operating system must employ FIPS 140-2-approved cryptographic hashing algorithms for all stored passwords.

2 rules found Severity: Medium

Logo

The SUSE operating system must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords.

2 rules found Severity: Medium

Logo

The SUSE operating system must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords.

2 rules found Severity: Medium

Logo

RHEL 9 must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords.

1 rule found Severity: Medium

Logo

RHEL 9 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-3 approved cryptographic hashing algorithm for system authentication.

1 rule found Severity: Medium

Logo

Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors.

2 rules found Severity: Medium

Logo

The Photon operating system must store only encrypted representations of passwords.

2 rules found Severity: Medium

Logo

The vPostgres database must use "md5" for authentication.

1 rule found Severity: Medium

Logo

The operating system must store only encrypted representations of passwords.

1 rule found Severity: High

Logo

The vCenter PostgreSQL service must encrypt passwords for user authentication.

1 rule found Severity: High

Logo

The ability of Lync to store user passwords must be disabled.

1 rule found Severity: Medium

Logo

Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

1 rule found Severity: High

Logo