Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000164
<GroupDescription></GroupDescription>Group -
The application must enforce a minimum 15-character password length.
<VulnDiscussion>The shorter the password, the lower the number of possible combinations that need to be tested before the password is comprom...Rule High Severity -
SRG-APP-000166
<GroupDescription></GroupDescription>Group -
The application must enforce password complexity by requiring that at least one uppercase character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000167
<GroupDescription></GroupDescription>Group -
The application must enforce password complexity by requiring that at least one lowercase character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000168
<GroupDescription></GroupDescription>Group -
The application must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
The application must enforce password complexity by requiring that at least one special character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000170
<GroupDescription></GroupDescription>Group -
The application must require the change of at least eight of the total number of characters when passwords are changed.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000171
<GroupDescription></GroupDescription>Group -
The application must only store cryptographic representations of passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000172
<GroupDescription></GroupDescription>Group -
The application must transmit only cryptographically-protected passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000173
<GroupDescription></GroupDescription>Group -
SRG-APP-000401
<GroupDescription></GroupDescription>Group -
The application must enforce 24 hours/1 day as the minimum password lifetime.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000174
<GroupDescription></GroupDescription>Group -
The application must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.