Capacity
CCI-000199
The information system enforces maximum password lifetime restrictions.
30
Rule
Severity: Medium
Set Password Maximum Age
20
Rule
Severity: Medium
Set Existing Passwords Maximum Age
1
Rule
Severity: Medium
AAA Services must be configured to enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Windows service \ application accounts with administrative privileges and manually managed passwords, must have passwords changed at least every 60 days.
1
Rule
Severity: Medium
All accounts, privileged and unprivileged, that require smart cards must have the underlying NT hash rotated at least every 60 days.
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
The Akamai Luna Portal must enforce a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
The application must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The DBN-6300 must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
CounterACT must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The HP FlexFabric Switch must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
IBM Aspera Console user account passwords must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
IBM Aspera Faspex user account passwords must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
IBM Aspera Shares user account passwords must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Authorization for access to the MQ Appliance network device must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
CA VM:Secure product AUTOEXP record in the Security Config File must be properly set.
1
Rule
Severity: Medium
The Mainframe Product must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.
1
Rule
Severity: Medium
Nutanix AOS must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: High
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
2
Rule
Severity: Low
Splunk Enterprise must enforce a 60-day maximum password lifetime restriction for the account of last resort.
2
Rule
Severity: Medium
The Tanium application must enforce a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
The Tanium Operating System (TanOS) must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The UEM server must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The PASSWORD expiration day(s) value must be set to equal or less then 60 days.
4
Rule
Severity: Medium
The macOS system must enforce a 60-day maximum password lifetime restriction.
3
Rule
Severity: Low
The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
The macOS system must restrict maximum password lifetime to 60 days.
1
Rule
Severity: Medium
The container platform must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Operating systems must enforce a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
AIX Operating systems must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The CA-TSS PWEXP Control Option must be set to 60.
1
Rule
Severity: Medium
The CA-TSS PPEXP Control Option must be properly set.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
IBM RACF SETROPTS PASSWORD(INTERVAL) must be set to 60 days.
6
Rule
Severity: Medium
Accounts must be configured to require password expiration.
6
Rule
Severity: Medium
The maximum password age must be configured to 60 days or less.
6
Rule
Severity: Medium
Passwords for enabled local Administrator accounts must be changed at least every 60 days.
2
Rule
Severity: Medium
Passwords for the built-in Administrator account must be changed at least every 60 days.
2
Rule
Severity: Medium
Passwords must be configured to expire.
2
Rule
Severity: Medium
Windows Server 2016 maximum password age must be configured to 60 days or less.
3
Rule
Severity: Medium
Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days.
3
Rule
Severity: Medium
Windows Server 2019 passwords must be configured to expire.
3
Rule
Severity: Medium
Windows Server 2019 maximum password age must be configured to 60 days or less.
3
Rule
Severity: Medium
Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.
3
Rule
Severity: Medium
Windows Server 2022 passwords must be configured to expire.
3
Rule
Severity: Medium
Windows Server 2022 maximum password age must be configured to 60 days or less.
1
Rule
Severity: Medium
Procedures for establishing temporary passwords that meet DoD password requirements for new accounts must be defined, documented, and implemented.
2
Rule
Severity: Medium
The DBMS must enforce password maximum lifetime restrictions.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
2
Rule
Severity: Medium
OL 8 user account passwords must have a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
OL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
2
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
2
Rule
Severity: Medium
RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
4
Rule
Severity: Medium
The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.
4
Rule
Severity: Medium
The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.
2
Rule
Severity: Medium
RHEL 9 user account passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs.
2
Rule
Severity: Medium
RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
User passwords must be changed at least every 60 days.
2
Rule
Severity: Low
Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The VMM must enforce a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy.
1
Rule
Severity: Medium
The Photon operating system must be configured so that passwords for new users are restricted to a 90-day maximum lifetime.
3
Rule
Severity: Medium
The vCenter Server must enforce a 90-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The vCenter Server must enforce a 60-day maximum password lifetime restriction.
3
Rule
Severity: Medium
The Photon operating systems must enforce a 90-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The Dragos Platform must configure local password policies.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
Procedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented.
1
Rule
Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1
Rule
Severity: Medium
SLEM 5 must employ user passwords with a maximum lifetime of 60 days.
1
Rule
Severity: Medium
SLEM 5 must be configured to create or update passwords with a maximum lifetime of 60 days.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules