The password hashes stored on AIX system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.
An XCCDF Rule
Description
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes that are more vulnerable to compromise.
- ID: SV-215230r991589_rule
- Version: AIX7-00-001134
- Severity: Medium
Remediation Templates
A Manual Procedure
Set the system-wide password algorithm to "ssha256" or "ssha512" by running the following command:
# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha512
Change the passwords for all accounts using non-compliant password hashes by running the following command:
$ passwd [user_name]
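
To find which accounts still need the passwd step, the stored hashes can be checked for the "{ssha256}" or "{ssha512}" prefix. The script below is an added example, not part of the STIG text; it assumes the standard AIX stanza layout of /etc/security/passwd, the function names are hypothetical, and the sample data is constructed.

```sh
#!/bin/sh
# Added example: list accounts in an AIX /etc/security/passwd-style stanza
# file whose stored hash is not {ssha256} or {ssha512}.

# Prints "user<TAB>algorithm" for each non-compliant account.
find_noncompliant_hashes() {
    awk '
        # Stanza header: a single field ending in ":" (for example "root:").
        NF == 1 && $1 ~ /:$/ { user = substr($1, 1, length($1) - 1); next }
        # Attribute line: "password = <value>".
        $1 == "password" && $2 == "=" {
            hash = $3
            # "*" or empty: no usable hash stored (assumption: not a hash finding).
            if (hash == "" || hash == "*") next
            if (index(hash, "{ssha256}") == 1 || index(hash, "{ssha512}") == 1) next
            # No "{algo}" prefix means the traditional crypt format.
            algo = "crypt"
            end = index(hash, "}")
            if (substr(hash, 1, 1) == "{" && end > 0) algo = substr(hash, 2, end - 2)
            printf "%s\t%s\n", user, algo
        }
    ' "$1"
}

# Constructed sample data; the hash bodies are placeholders, not real hashes.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:
        password = {ssha512}06$CONSTRUCTEDSALT$CONSTRUCTEDHASH
        lastupdate = 1700000000
        flags =

alice:
        password = {smd5}CONSTRUCTEDSALT$CONSTRUCTEDHASH
        lastupdate = 1500000000

bob:
        password = abCONSTRUCTED
        lastupdate = 1400000000

svc:
        password = *
EOF
}

# Stand-alone use: pass the stanza file to audit as the first argument.
if [ -n "${1:-}" ]; then find_noncompliant_hashes "$1"; fi
```

Run it as root with /etc/security/passwd as the argument; every account it lists needs its password changed after pwd_algorithm has been set, because existing hashes are not converted by the chsec command.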