The macOS system must prohibit password reuse for a minimum of five generations.

Description

<VulnDiscussion>The macOS must be configured to enforce a password history of at least five previous passwords when a password is created. This rule ensures that users are not allowed to reuse a password that was used in any of the five previous password generations. Limiting password reuse protects against malicious users attempting to gain access to the system via brute-force hacking methods. Note: The guidance for password-based authentication in NIST 800-53 (Rev 5) and NIST 800-63B state that complexity rules should be organizationally defined. The values defined are based on common complexity values, but an organization may define its own password complexity rules.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>