TOSS must enforce password complexity by requiring that at least one special character be used.

An XCCDF Rule

Description

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. TOSS utilizes "pwquality" as a mechanism to enforce password complexity. Note that to require special characters without degrading the "minlen" value, the credit value must be expressed as a negative number in "/etc/security/pwquality.conf."

ID: SV-253087r991561_rule
Version: TOSS-04-040350
Severity: Medium
References: CCI-004066
Updated: 5 days ago

Remediation Templates

Configure the operating system to enforce password complexity by requiring that at least one special character be used by setting the "ocredit" option.

Add the following line to /etc/security/pwquality.conf (or modify the line to have the required value):

ocredit = -1

TOSS must enforce password complexity by requiring that at least one special character be used.

Description

Remediation Templates

A Manual Procedure