Skip to content
Log In

CCI-000199

The information system enforces maximum password lifetime restrictions.

Set Password Maximum Age

7 rules found Severity: Medium

Logo

Set Existing Passwords Maximum Age

4 rules found Severity: Medium

Logo

Compliance Guardian must provide automated mechanisms for supporting account management functions.

1 rule found Severity: Medium

Logo

The Akamai Luna Portal must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

The DBN-6300 must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

CounterACT must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

The HP FlexFabric Switch must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

IBM Aspera Console user account passwords must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

IBM Aspera Faspex user account passwords must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

IBM Aspera Shares user account passwords must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

Authorization for access to the MQ Appliance network device must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

CA VM:Secure product AUTOEXP record in the Security Config File must be properly set.

1 rule found Severity: Medium

Logo

If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.

1 rule found Severity: Medium

Logo

Nutanix AOS must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

Riverbed Optimization System (RiOS) must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.

1 rule found Severity: High

Logo

The Tanium application must enforce a 60-day maximum password lifetime restriction.

2 rules found Severity: Medium

Logo

The Tanium Operating System (TanOS) must enforce a 60-day maximum password lifetime restriction.

2 rules found Severity: Medium

Logo

The macOS system must enforce a 60-day maximum password lifetime restriction.

2 rules found Severity: Medium

Logo

The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

2 rules found Severity: Low

Logo

The Red Hat Enterprise Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.

1 rule found Severity: Medium

Logo

The Red Hat Enterprise Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.

1 rule found Severity: Medium

Logo

The BIG-IP appliance must be configured to enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

AIX Operating systems must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

MKE must be configured to integrate with an Enterprise Identity Provider.

1 rule found Severity: Medium

Logo

Accounts must be configured to require password expiration.

4 rules found Severity: Medium

Logo

The maximum password age must be configured to 60 days or less.

4 rules found Severity: Medium

Logo

Passwords for enabled local Administrator accounts must be changed at least every 60 days.

4 rules found Severity: Medium

Logo

Passwords for the built-in Administrator account must be changed at least every 60 days.

1 rule found Severity: Medium

Logo

Passwords must be configured to expire.

1 rule found Severity: Medium

Logo

Windows Server 2016 maximum password age must be configured to 60 days or less.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.

1 rule found Severity: Medium

Logo

The Oracle Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.

1 rule found Severity: Medium

Logo

SLEM 5 must employ user passwords with a maximum lifetime of 60 days.

1 rule found Severity: Medium

Logo

SLEM 5 must be configured to create or update passwords with a maximum lifetime of 60 days.

1 rule found Severity: Medium

Logo

Splunk Enterprise must enforce a 60-day maximum password lifetime restriction for the account of last resort.

1 rule found Severity: Low

Logo

Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Low

Logo

The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy.

1 rule found Severity: Medium

Logo

The macOS system must restrict maximum password lifetime to 60 days.

1 rule found Severity: Medium

Logo

The application must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

Passwords for existing users must have a 60-day maximum password lifetime restriction in /etc/shadow.

1 rule found Severity: Medium

Logo

Passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs.

1 rule found Severity: Medium

Logo

The Dragos Platform must configure local password policies.

1 rule found Severity: Medium

Logo

Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days.

1 rule found Severity: Medium

Logo

Windows Server 2019 passwords must be configured to expire.

1 rule found Severity: Medium

Logo

Windows Server 2019 maximum password age must be configured to 60 days or less.

1 rule found Severity: Medium

Logo

Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.

1 rule found Severity: Medium

Logo

Windows Server 2022 passwords must be configured to expire.

1 rule found Severity: Medium

Logo

Windows Server 2022 maximum password age must be configured to 60 days or less.

1 rule found Severity: Medium

Logo

Procedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented.

1 rule found Severity: Medium

Logo

The DBMS must enforce password maximum lifetime restrictions.

1 rule found Severity: Medium

Logo

Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.

1 rule found Severity: Medium

Logo

OL 8 user account passwords must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

OL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.

1 rule found Severity: Medium

Logo

OpenShift must use FIPS validated LDAP or OpenIDConnect.

1 rule found Severity: High

Logo

RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.

1 rule found Severity: Medium

Logo

RHEL 9 user account passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs.

1 rule found Severity: Medium

Logo

RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.

2 rules found Severity: Medium

Logo

The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.

2 rules found Severity: Medium

Logo

User passwords must be changed at least every 60 days.

2 rules found Severity: Medium

Logo

The Photon operating system must be configured so that passwords for new users are restricted to a 90-day maximum lifetime.

1 rule found Severity: Medium

Logo

The vCenter Server must enforce a 90-day maximum password lifetime restriction.

2 rules found Severity: Medium

Logo

The vCenter Server must enforce a 60-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

The Photon operating systems must enforce a 90-day maximum password lifetime restriction.

1 rule found Severity: Medium

Logo

Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

1 rule found Severity: High

Logo