Capacity
CCI-004066
For password-based authentication, enforce organization-defined composition and complexity rules.
1
Rule
Severity: Medium
AAA Services must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
AAA Services must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
AAA Services must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
AAA Services must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
AAA Services must be configured to enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
AAA Services must be configured to require the change of at least eight of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
AAA Services must be configured to enforce 24 hours as the minimum password lifetime.
1
Rule
Severity: Medium
AAA Services must be configured to enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Apple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.
1
Rule
Severity: Medium
The macOS system must require passwords contain a minimum of one numeric character.
2
Rule
Severity: Medium
The macOS system must restrict maximum password lifetime to 60 days.
2
Rule
Severity: Medium
The macOS system must require a minimum password length of 14 characters.
1
Rule
Severity: Medium
The macOS system must require passwords contain a minimum of one special character.
1
Rule
Severity: Medium
The macOS system must require passwords contain a minimum of one lowercase character and one uppercase character.
2
Rule
Severity: Medium
The macOS system must set minimum password lifetime to 24 hours.
1
Rule
Severity: Medium
The macOS system must require that passwords contain a minimum of one numeric character.
1
Rule
Severity: Medium
The macOS system must require that passwords contain a minimum of one special character.
1
Rule
Severity: Medium
The macOS system must require that passwords contain a minimum of one lowercase character and one uppercase character.
1
Rule
Severity: Medium
The Arista network device must enforce a minimum 15-character password length.
1
Rule
Severity: High
The application must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The application must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The application must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The application must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The application must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The application must require the change of at least eight of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
The application must enforce 24 hours/1 day as the minimum password lifetime.
1
Rule
Severity: Medium
The application must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Low
The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
1
Rule
Severity: Low
The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Low
The Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: Low
The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.
1
Rule
Severity: Low
The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Low
The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.
1
Rule
Severity: Medium
The Ubuntu operating system must enforce a minimum 15-character password length.
1
Rule
Severity: Low
The Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce password complexity by requiring at least one uppercase character be used.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce password complexity by requiring at least one lowercase character be used.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed.
1
Rule
Severity: Medium
The Central Log Server must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Low
The Central Log Server must be configured to require the change of at least eight of the total number of characters when passwords are changed.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce 24 hours/1 day as the minimum password lifetime.
1
Rule
Severity: Low
The Central Log Server must be configured to enforce a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
The Cisco router must be configured to enforce a minimum 15-character password length.
2
Rule
Severity: Medium
The Cisco router must be configured to enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: Medium
The Cisco router must be configured to enforce password complexity by requiring that at least one lowercase character be used.
2
Rule
Severity: Medium
The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.
2
Rule
Severity: Medium
The Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.
2
Rule
Severity: Medium
The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
1
Rule
Severity: Medium
The Cisco ASA must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Cisco ASA must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The Cisco ASA must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The Cisco ASA must be configured to enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
2
Rule
Severity: Medium
The Cisco switch must be configured to enforce a minimum 15-character password length.
3
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.
2
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one lowercase character be used.
3
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used.
3
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.
2
Rule
Severity: Medium
The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
1
Rule
Severity: Medium
The Cisco switch must be configured to enforce password complexity by requiring that at least one lower-case character be used.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one digit be used.
1
Rule
Severity: Medium
For accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The container platform must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The container platform must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The container platform must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The container platform must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The container platform must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The container platform must require the change of at least 15 of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
The container platform must enforce 24 hours (one day) as the minimum password lifetime.
1
Rule
Severity: Medium
The container platform must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: High
If DBMS authentication, using passwords, is employed, the DBMS must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: High
If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
The DNS server implementation must, for password-based authentication, enforce organization-defined composition and complexity rules.
2
Rule
Severity: Medium
Google Android 13 must be configured to enforce a minimum password length of six characters.
2
Rule
Severity: Medium
Google Android 14 must be configured to enforce a minimum password length of six characters.
2
Rule
Severity: Medium
Google Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters.
1
Rule
Severity: Medium
Forescout must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
Forescout must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
Forescout must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Forescout must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
Forescout must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Low
Forescout must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
2
Rule
Severity: Medium
Google Android 15 must be configured to enforce a minimum password length of six characters.
2
Rule
Severity: Medium
Google Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters.
1
Rule
Severity: Medium
The operating system must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The operating system must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The operating system must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The operating system must require the change of at least 50 percent of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
Operating systems must enforce 24 hours/1 day as the minimum password lifetime.
1
Rule
Severity: Medium
Operating systems must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The operating system must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
SSMC must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The HPE Nimble must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The HPE Nimble must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The HPE Nimble must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The HPE Nimble must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The HPE Nimble must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The HPE Nimble must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
1
Rule
Severity: Medium
The HPE 3PAR OS must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The operating system must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: High
AIX must enforce password complexity by requiring that at least one upper-case character be used.
1
Rule
Severity: High
AIX must enforce password complexity by requiring that at least one lower-case character be used.
1
Rule
Severity: High
AIX must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: High
AIX must require the change of at least 50% of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
AIX Operating systems must enforce 24 hours/1 day as the minimum password lifetime.
1
Rule
Severity: Medium
AIX Operating systems must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: High
AIX must use Loadable Password Algorithm (LPA) password hashing algorithm.
1
Rule
Severity: High
AIX must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
AIX must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The PASSWORD expiration day(s) value must be set to equal or less then 60 days.
1
Rule
Severity: Medium
The password values must be set to meet the requirements in accordance with DODI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE [IA] AND COMPUTER NETWORK DEFENSE [CND]).
1
Rule
Severity: Medium
CA-ACF2 PWPHRASE GSO record must be properly defined.
1
Rule
Severity: Medium
CA-ACF2 must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require at least one uppercase character be used.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require at least one numeric character be used.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require at least one lowercase character be used.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require the change of at least 50 percent of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
ACF2 PSWD GSO record value must be set to require 24 hours/one day as the minimum password lifetime.
1
Rule
Severity: Medium
IBM z/OS must enforce a minimum eight character password length.
1
Rule
Severity: Medium
The Manager Web app password must be configured as follows:
-15 or more characters.
-at least one lower case letter.
-at least one upper case letter.
-at least one number.
-at least one special character.
1
Rule
Severity: Medium
The CA-TSS NEWPHRASE and PPSCHAR Control Options must be properly set.
1
Rule
Severity: Medium
The CA-TSS NEWPW control options must be properly set.
1
Rule
Severity: Medium
The CA-TSS PWEXP Control Option must be set to 60.
1
Rule
Severity: Medium
The CA-TSS PPEXP Control Option must be properly set.
1
Rule
Severity: Medium
The IBM z/OS operating system must enforce a minimum eight character password length.
1
Rule
Severity: Medium
IBM RACF PASSWORD(RULEn) SETROPTS value(s) must be properly set.
1
Rule
Severity: Medium
IBM RACF exit ICHPWX01 must be installed and properly configured.
1
Rule
Severity: Medium
The IBM RACF SETROPTS PASSWORD(MINCHANGE) value must be set to 1.
1
Rule
Severity: Medium
IBM RACF SETROPTS PASSWORD(INTERVAL) must be set to 60 days.
1
Rule
Severity: Medium
IBM RACF exit ICHPWX11 for password phrases must be installed and properly configured.
1
Rule
Severity: Medium
The ICS must be configured to enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The ICS must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The ICS must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
1
Rule
Severity: Medium
The ICS must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The ICS must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The ICS must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Ivanti EPMM server must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Ivanti EPMM server must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Ivanti EPMM server must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The Ivanti EPMM server must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The Ivanti EPMM server must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts password must be configured with length of 15 characters.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts must be configured with at least one lowercase character.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts must be configured with at least one uppercase character.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts must be configured with at least one number.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts must be configured with at least one special character.
1
Rule
Severity: Medium
The Jamf Pro EMM local accounts must be configured with password minimum lifetime of 24 hours.
1
Rule
Severity: Medium
Sentry device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Sentry must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
Sentry must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
Sentry must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
Sentry must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to enforce password complexity by requiring that at least one punctuation (special) character be used.
1
Rule
Severity: Medium
The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The Juniper router must be configured to enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one uppercase character be used.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one lowercase character be used.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one numeric character be used.
1
Rule
Severity: Medium
For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one special character be used.
1
Rule
Severity: Medium
The Mainframe Product must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Mainframe Product must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Mainframe Product must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The Mainframe Product must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The Mainframe Product must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Mainframe Product must require the change of at least eight of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
The Mainframe Product must enforce 24 hours/1 day as the minimum password lifetime.
1
Rule
Severity: Medium
The Mainframe Product must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: High
If MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DOD standards for password complexity.
1
Rule
Severity: Medium
If MariaDB authentication using passwords is employed, MariaDB must enforce the DOD standards for password lifetime.
1
Rule
Severity: Medium
MKE must be configured to integrate with an Enterprise Identity Provider.
1
Rule
Severity: Medium
If MarkLogic Server authentication using passwords is employed, MarkLogic Server must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
Microsoft Intune service must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: High
If DBMS authentication using passwords is employed, SQL Server must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
Contained databases must use Windows principals.
2
Rule
Severity: Medium
Accounts must be configured to require password expiration.
2
Rule
Severity: Medium
The maximum password age must be configured to 60 days or less.
2
Rule
Severity: Medium
The minimum password age must be configured to at least 1 day.
2
Rule
Severity: Medium
Passwords must, at a minimum, be 14 characters.
1
Rule
Severity: Medium
The built-in Microsoft password complexity filter must be enabled.
2
Rule
Severity: Medium
Passwords for enabled local Administrator accounts must be changed at least every 60 days.
1
Rule
Severity: Medium
Windows Server 2019 must have the built-in Windows password complexity policy enabled.
1
Rule
Severity: Medium
Windows Server 2019 minimum password age must be configured to at least one day.
1
Rule
Severity: Medium
Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days.
1
Rule
Severity: Medium
Windows Server 2019 passwords must be configured to expire.
1
Rule
Severity: Medium
Windows Server 2019 maximum password age must be configured to 60 days or less.
1
Rule
Severity: Medium
Windows Server 2019 manually managed application account passwords must be at least 14 characters in length.
1
Rule
Severity: Medium
Windows Server 2019 minimum password length must be configured to 14 characters.
1
Rule
Severity: Medium
Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.
1
Rule
Severity: Medium
Windows Server 2022 manually managed application account passwords must be at least 14 characters in length.
1
Rule
Severity: Medium
Windows Server 2022 passwords must be configured to expire.
1
Rule
Severity: Medium
Windows Server 2022 maximum password age must be configured to 60 days or less.
1
Rule
Severity: Medium
Windows Server 2022 minimum password age must be configured to at least one day.
1
Rule
Severity: Medium
Windows Server 2022 minimum password length must be configured to 14 characters.
1
Rule
Severity: Medium
Windows Server 2022 must have the built-in Windows password complexity policy enabled.
1
Rule
Severity: Medium
The network device must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The network device must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The network device must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The network device must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The network device must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The network device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
1
Rule
Severity: Medium
ONTAP must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
ONTAP must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
ONTAP must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
ONTAP must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
ONTAP must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one lower-case character.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are assigned, the new password must contain at least one numeric character.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one special character.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 24 hours/1 day minimum lifetime.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords are restricted to a 24 hours/1 day minimum lifetime.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
1
Rule
Severity: Medium
The Oracle Linux operating system must be configured so that passwords are a minimum of 15 characters in length.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce minimum password length.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of uppercase characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of lowercase characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of numeric characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce password complexity by the number of special characters used.
1
Rule
Severity: Medium
The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.
1
Rule
Severity: Medium
Procedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented.
1
Rule
Severity: Medium
The DBMS must enforce password maximum lifetime restrictions.
1
Rule
Severity: High
If Database Management System (DBMS) authentication using passwords is employed, the DBMS must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: Medium
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
1
Rule
Severity: Medium
Prisma Cloud Compute local accounts must enforce strong password requirements.
1
Rule
Severity: Low
OL 8 must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Low
OL 8 must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Low
OL 8 must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
OL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
1
Rule
Severity: Medium
OL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
1
Rule
Severity: Medium
OL 8 must require the change of at least four character classes when passwords are changed.
1
Rule
Severity: Low
OL 8 must require the change of at least eight characters when passwords are changed.
1
Rule
Severity: Medium
OL 8 passwords for new users or password changes must have a 24 hours/one day minimum password lifetime restriction in "/etc/shadow".
1
Rule
Severity: Medium
OL 8 passwords for new users or password changes must have a 24 hours/one day minimum password lifetime restriction in "/etc/login.defs".
1
Rule
Severity: Medium
OL 8 user account passwords must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
OL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
1
Rule
Severity: Medium
OL 8 passwords must have a minimum of 15 characters.
1
Rule
Severity: Medium
OL 8 passwords for new users must have a minimum of 15 characters.
1
Rule
Severity: Low
All OL 8 passwords must contain at least one special character.
1
Rule
Severity: Medium
The Riverbed NetProfiler must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Riverbed NetProfiler must configure the local account password to "require mixed case".
1
Rule
Severity: Medium
The Riverbed NetProfiler must require that at least one special character be used.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must require that when a password is changed, the characters are changed in at least 8 of the positions within the password.
1
Rule
Severity: Medium
If DBMS authentication using passwords is employed, Redis Enterprise DBMS must enforce the DOD standards for password complexity and lifetime.
1
Rule
Severity: High
OpenShift must use FIPS validated LDAP or OpenIDConnect.
1
Rule
Severity: Medium
RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used.
1
Rule
Severity: Medium
RHEL 8 must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
1
Rule
Severity: Medium
RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
1
Rule
Severity: Medium
RHEL 8 must require the change of at least four character classes when passwords are changed.
1
Rule
Severity: Medium
RHEL 8 must require the change of at least 8 characters when passwords are changed.
1
Rule
Severity: Medium
RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.
1
Rule
Severity: Medium
RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/login.defs.
1
Rule
Severity: Medium
RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
1
Rule
Severity: Medium
RHEL 8 passwords must have a minimum of 15 characters.
1
Rule
Severity: Medium
RHEL 8 passwords for new users must have a minimum of 15 characters.
1
Rule
Severity: Medium
All RHEL 8 passwords must contain at least one special character.
1
Rule
Severity: Medium
RHEL 9 user account passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs.
1
Rule
Severity: Medium
RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
RHEL 9 must ensure the password complexity module in the system-auth file is configured for three retries or less.
1
Rule
Severity: Medium
RHEL 9 must ensure the password complexity module is enabled in the password-auth file.
1
Rule
Severity: Medium
RHEL 9 must enforce password complexity rules for the root account.
1
Rule
Severity: Medium
RHEL 9 must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
RHEL 9 must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
RHEL 9 passwords for new users or password changes must have a 24 hours minimum password lifetime restriction in /etc/login.defs.
1
Rule
Severity: Medium
RHEL 9 passwords must have a 24 hours minimum password lifetime restriction in /etc/shadow.
1
Rule
Severity: Medium
RHEL 9 passwords must be created with a minimum of 15 characters.
1
Rule
Severity: Medium
RHEL 9 must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
RHEL 9 must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
RHEL 9 must require the change of at least eight characters when passwords are changed.
1
Rule
Severity: Medium
RHEL 9 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
1
Rule
Severity: Medium
RHEL 9 must require the maximum number of repeating characters be limited to three when passwords are changed.
1
Rule
Severity: Medium
RHEL 9 must require the change of at least four character classes when passwords are changed.
1
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one upper-case character.
1
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one lower-case character.
2
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one numeric character.
2
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one special character.
1
Rule
Severity: Medium
The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed.
2
Rule
Severity: Medium
The SUSE operating system must employ passwords with a minimum of 15 characters.
2
Rule
Severity: Medium
The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).
2
Rule
Severity: Medium
The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).
2
Rule
Severity: Medium
The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.
2
Rule
Severity: Medium
The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.
1
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one uppercase character.
1
Rule
Severity: Medium
The SUSE operating system must enforce passwords that contain at least one lowercase character.
1
Rule
Severity: Medium
The SUSE operating system must require the change of at least eight of the total number of characters when passwords are changed.
2
Rule
Severity: Medium
User passwords must be changed at least every 60 days.
2
Rule
Severity: Medium
The operating system must enforce minimum password lifetime restrictions.
2
Rule
Severity: Medium
User passwords must be at least 15 characters in length.
2
Rule
Severity: Medium
The system must require at least eight characters be changed between the old and new passwords during a password change.
2
Rule
Severity: Medium
The system must require passwords to contain at least one uppercase alphabetic character.
2
Rule
Severity: Medium
The operating system must enforce password complexity requiring that at least one lowercase character is used.
2
Rule
Severity: Medium
The system must require passwords to contain at least one numeric character.
2
Rule
Severity: Medium
The system must require passwords to contain at least one special character.
1
Rule
Severity: Low
Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one uppercase character be used.
1
Rule
Severity: Low
Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one lowercase character be used.
1
Rule
Severity: Low
Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
Splunk Enterprise must enforce a minimum 15-character password length for the account of last resort.
1
Rule
Severity: Low
Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one special character be used.
1
Rule
Severity: Low
Splunk Enterprise must enforce a 60-day maximum password lifetime restriction for the account of last resort.
1
Rule
Severity: Low
Splunk Enterprise must be configured to enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Low
Splunk Enterprise must be configured to enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Low
Splunk Enterprise must be configured to enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Low
Splunk Enterprise must be configured to enforce a minimum 15-character password length.
1
Rule
Severity: Low
Splunk Enterprise must be configured to enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Low
Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction.
2
Rule
Severity: Medium
Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters.
4
Rule
Severity: Medium
Samsung Android must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
The Tanium Operating System (TanOS) must enforce 24 hours/one day as the maximum password lifetime.
1
Rule
Severity: Medium
The Tanium Operating System (TanOS) must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The Tanium Operating System (TanOS) must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Tanium application must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
Tanium must enforce 24 hours/one day as the minimum password lifetime.
1
Rule
Severity: Medium
The Tanium application must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The TippingPoint SMS must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The TippingPoint SMS must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The TippingPoint SMS must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The TippingPoint SMS must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The TippingPoint SMS must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organizations written policy.
1
Rule
Severity: Medium
The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy.
1
Rule
Severity: Medium
TOSS must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
TOSS must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
TOSS must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
TOSS must require the change of at least eight characters when passwords are changed.
1
Rule
Severity: Medium
TOSS must enforce 24 hours/one day as the minimum password lifetime.
1
Rule
Severity: Medium
TOSS must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
TOSS must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
TOSS must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The VMM must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The VMM must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The VMM must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The VMM must require the change of at least eight of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
The VMM must enforce 24 hours/one day as the minimum password lifetime.
1
Rule
Severity: Medium
The VMM must enforce a 60-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The VMM must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The VMM must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The ESXi host must enforce password complexity by configuring a password quality policy.
1
Rule
Severity: Medium
The web server must, for password-based authentication, enforce organization-defined composition and complexity rules.
1
Rule
Severity: Medium
The vCenter Server passwords must be at least 15 characters in length.
1
Rule
Severity: Medium
The vCenter Server passwords must contain at least one uppercase character.
1
Rule
Severity: Medium
The vCenter Server passwords must contain at least one lowercase character.
1
Rule
Severity: Medium
The vCenter Server passwords must contain at least one numeric character.
1
Rule
Severity: Medium
The vCenter Server passwords must contain at least one special character.
1
Rule
Severity: Medium
The vCenter Server must enforce a 90-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The Photon operating system must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The Photon operating system must require the change of at least eight characters when passwords are changed.
1
Rule
Severity: Medium
The Photon operating system must enforce one day as the minimum password lifetime.
1
Rule
Severity: Medium
The Photon operating systems must enforce a 90-day maximum password lifetime restriction.
1
Rule
Severity: Medium
The Photon operating system must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The Photon operating system must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The Photon operating system must be configured to use the pam_pwquality.so module.
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must be configured to enforce a minimum password length of six characters.
1
Rule
Severity: Medium
Apple iOS/iPadOS 18 must be configured to not allow passwords that include more than four repeating or sequential characters.
1
Rule
Severity: Medium
The UEM server must enforce a minimum 15-character password length.
1
Rule
Severity: Medium
The UEM server must enforce password complexity by requiring that at least one uppercase character be used.
1
Rule
Severity: Medium
The UEM server must enforce password complexity by requiring that at least one lowercase character be used.
1
Rule
Severity: Medium
The UEM server must enforce password complexity by requiring that at least one numeric character be used.
1
Rule
Severity: Medium
The UEM server must enforce password complexity by requiring that at least one special character be used.
1
Rule
Severity: Medium
The UEM server must require the change of at least 15 of the total number of characters when passwords are changed.
1
Rule
Severity: Medium
The UEM server must enforce a 60-day maximum password lifetime restriction.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules