Capacity
CCI-000205
The information system enforces minimum password length.
20
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Minimum Length
29
Rule
Severity: Medium
Set Password Minimum Length in login.defs
7
Rule
Severity: Medium
Ensure PAM Enforces Password Requirements - Enforce for root User
2
Rule
Severity: Medium
Set Password Minimum Length
1
Rule
Severity: Medium
AAA Services must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Compliance Guardian must provide automated mechanisms for supporting account management functions.
1
Rule
Severity: Medium
The Akamai Luna Portal must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Apple iOS/iPadOS 15 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
The Arista Multilayer Switch account of last resort must have a password with a length of 15 characters.
2
Rule
Severity: Medium
The Arista network device must enforce a minimum 15-character password length.
2
Rule
Severity: High
The application must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The CA API Gateway must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Central Log Server must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The DBN-6300 must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The FortiGate device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
CounterACT must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
Forescout must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
Google Android 12 must be configured to enforce a minimum password length of six characters.
4
Rule
Severity: Medium
Google Android 13 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
The HP FlexFabric Switch must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The storage system must require passwords contain a minimum of 15 characters, after an administrator has set the minimum password length to that value.
1
Rule
Severity: Medium
The HYCU server must enforce password complexity by requiring that at least one uppercase character be used.
6
Rule
Severity: Medium
The network device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The DataPower Gateway must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
IBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol.
1
Rule
Severity: Medium
The MQ Appliance network device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
IBM zVM CA VM:Secure product PASSWORD user exit must be in use.
1
Rule
Severity: Medium
The Ivanti MobileIron Core server must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
MobileIron Sentry device must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The Manager Web app password must be configured as follows: -15 or more characters -at least one lower case letter -at least one upper case letter -at least one number -at least one special character
2
Rule
Severity: Medium
The Jamf Pro EMM local accounts password must be configured with length of 15 characters.
2
Rule
Severity: Medium
The Juniper router must be configured to enforce a minimum 15-character password length.
2
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Mainframe Product must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
Microsoft Android 11 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
Motorola Solutions Android 11 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity.
2
Rule
Severity: Medium
ONTAP must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Nutanix AOS must enforce a minimum 15 character password length.
1
Rule
Severity: Medium
Oracle WebLogic must enforce minimum password length.
2
Rule
Severity: Medium
Prisma Cloud Compute local accounts must enforce strong password requirements.
2
Rule
Severity: Medium
The Riverbed NetProfiler must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Riverbed Optimization System (RiOS) must enforce a minimum 15-character password length.
13
Rule
Severity: Medium
Samsung Android must be configured to enforce a minimum password length of six characters.
2
Rule
Severity: Medium
Splunk Enterprise must enforce a minimum 15-character password length for the account of last resort.
1
Rule
Severity: Medium
The Samsung SDS EMM local accounts password must be configured with length of 15 characters.
1
Rule
Severity: Medium
Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts.
2
Rule
Severity: Medium
The Tanium application must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The TippingPoint SMS must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The Tanium Operating System (TanOS) must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The UEM server must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The NSX-T Manager must enforce a minimum 15-character password length.
1
Rule
Severity: High
The Workspace ONE UEM local accounts password must be configured with length of 15 characters.
1
Rule
Severity: Medium
The password values must be set to meet the requirements in accordance with DoDI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND)).
2
Rule
Severity: Medium
Apple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters.
3
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters.
4
Rule
Severity: Medium
The macOS system must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The macOS system must require a minimum password length of 14 characters.
3
Rule
Severity: Medium
The Ubuntu operating system must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The Cisco ASA must be configured to enforce a minimum 15-character password length.
3
Rule
Severity: Medium
The Cisco router must be configured to enforce a minimum 15-character password length.
3
Rule
Severity: Medium
The Cisco switch must be configured to enforce a minimum 15-character password length.
2
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The container platform must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
Google Android 13 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters.
1
Rule
Severity: Medium
The HPE Nimble must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
Google Android 14 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
The operating system must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
SSMC must enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The HPE 3PAR OS must be configured to enforce a minimum 15-character password length.
2
Rule
Severity: High
AIX must use Loadable Password Algorithm (LPA) password hashing algorithm.
2
Rule
Severity: High
AIX must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The IBM z/OS operating system must enforce a minimum eight-character password length.
1
Rule
Severity: Medium
The operating system must enforce a minimum 8-character password length.
1
Rule
Severity: Medium
IBM RACF PASSWORD(RULEn) SETROPTS value(s) must be properly set.
1
Rule
Severity: Medium
The ICS must be configured to enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce a minimum 15-character password length.
6
Rule
Severity: Medium
Passwords must, at a minimum, be 14 characters.
1
Rule
Severity: Medium
Manually managed application account passwords must be at least 15 characters in length.
2
Rule
Severity: Medium
Windows Server 2016 minimum password length must be configured to 14 characters.
1
Rule
Severity: Medium
Windows Server 2019 manually managed application account passwords must be at least 15 characters in length.
3
Rule
Severity: Medium
Windows Server 2019 minimum password length must be configured to 14 characters.
1
Rule
Severity: Medium
Windows Server 2022 manually managed application account passwords must be at least 15 characters in length.
3
Rule
Severity: Medium
Windows Server 2022 minimum password length must be configured to 14 characters.
2
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce minimum password length.
2
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords are a minimum of 15 characters in length.
2
Rule
Severity: Medium
OL 8 passwords must have a minimum of 15 characters.
2
Rule
Severity: Medium
OL 8 passwords for new users must have a minimum of 15 characters.
2
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce a minimum 15-character password length.
2
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
1
Rule
Severity: Medium
The Red Hat Enterprise Linux operating system must be configured so that passwords are a minimum of 15 characters in length.
2
Rule
Severity: Medium
RHEL 8 passwords must have a minimum of 15 characters.
2
Rule
Severity: Medium
RHEL 8 passwords for new users must have a minimum of 15 characters.
4
Rule
Severity: Medium
The SUSE operating system must employ passwords with a minimum of 15 characters.
2
Rule
Severity: Medium
RHEL 9 must enforce password complexity rules for the root account.
2
Rule
Severity: Medium
RHEL 9 passwords must be created with a minimum of 15 characters.
1
Rule
Severity: Medium
RHEL 9 passwords for new users must have a minimum of 15 characters.
2
Rule
Severity: Medium
User passwords must be at least 15 characters in length.
2
Rule
Severity: Low
Splunk Enterprise must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The VMM must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The ESXi host must be configured with a sufficiently complex password policy.
4
Rule
Severity: Medium
The vCenter Server passwords must be at least 15 characters in length.
3
Rule
Severity: Medium
The ESXi host must enforce password complexity by configuring a password quality policy.
1
Rule
Severity: Medium
The Photon operating system must enforce a minimum eight-character password length.
3
Rule
Severity: Medium
The Photon operating system must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The BIG-IP appliance must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Dragos Platform must configure local password policies.
1
Rule
Severity: Medium
The F5 BIG-IP appliance must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Google Android 14 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters.
1
Rule
Severity: Medium
Sentry device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
Manually managed application account passwords must be at least 14 characters in length.
2
Rule
Severity: Medium
Windows Server 2019 manually managed application account passwords must be at least 14 characters in length.
2
Rule
Severity: Medium
Windows Server 2022 manually managed application account passwords must be at least 14 characters in length.
1
Rule
Severity: Medium
SLEM 5 must employ passwords with a minimum of 15 characters.
1
Rule
Severity: Medium
The NSX Manager must enforce a minimum 15-character password length for local accounts.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules