If multifactor authentication is not supported and passwords must be used, the Akamai Luna Portal must enforce password complexity by requiring that at least one numeric character be used.

An XCCDF Rule

Description

<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-91187r1_rule
Severity: Medium
References: CCI-000194
Updated: about 1 year ago

Open a ticket through the Akamai Customer Portal (Luna), https://control.akamai.com
 
Select the “Support” link, under the “OPEN A CASE” section, select "Business Support Issue or Question".
The "Area" field should be "General Account Management".
Service should be "Product Support".
Once selected a form will load where the subject should be "Password Security Policy Exception Request"The description should contain the following information with all fields completed.  (Please note that if the character limit is exceeded then the following may be submitted as an attachment.)
 
-------------
Requester's name:
 
Requester's title:
 
Requester's organization/command:
 
We request the following exception(s) to the standard Akamai Luna password management policy to be applied to all accounts.
 
    - Force password rotations to occur at least every 60 days.
    - Disable any inactive accounts if they have not been used for 90 consecutive days.
    - Limit the number of consecutive invalid login attempts to 3.
    - Enforce a minimum length of 15 characters.
    - Require that at least one upper-case character be used.
    - Require that at least one lower-case character be used.
    - Require that at least one numeric character be used.
    - Require that at least one special character be used.
    - Prevent password reuse for at least 5 generations.
 
 
We understand this is a divergence from the standard, recommended Luna security policy.
 
Please submit this password policy exception request to the Akamai InfoSec team for review.  It has been approved by the security officer or administrator for the organization.  The following is the approver's information:
 
Approver's Name: 
 
Approver's Title:
(must security personnel for the organization)
 
Approver's Contact Information (necessary to validate this request):
 
      Phone: 
 
      E-mail:
-------------
 
Complete the contact information fields if they haven't been prepopulated, and then click "Create Case"

If multifactor authentication is not supported and passwords must be used, the Akamai Luna Portal must enforce password complexity by requiring that at least one numeric character be used.

Description

Remediation - Manual Procedure