Application Security and Development Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The application must require the change of at least eight of the total number of characters when passwords are changed.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000171
<GroupDescription></GroupDescription>Group -
The application must only store cryptographic representations of passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000172
<GroupDescription></GroupDescription>Group -
The application must transmit only cryptographically-protected passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000173
<GroupDescription></GroupDescription>Group -
SRG-APP-000401
<GroupDescription></GroupDescription>Group -
The application must enforce 24 hours/1 day as the minimum password lifetime.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000174
<GroupDescription></GroupDescription>Group -
The application must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.