III - Administrative Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000167
<GroupDescription></GroupDescription>Group -
The application must enforce password complexity by requiring that at least one lowercase character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000168
<GroupDescription></GroupDescription>Group -
The application must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000169
<GroupDescription></GroupDescription>Group -
The application must enforce password complexity by requiring that at least one special character be used.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000170
<GroupDescription></GroupDescription>Group -
The application must require the change of at least eight of the total number of characters when passwords are changed.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000171
<GroupDescription></GroupDescription>Group -
The application must only store cryptographic representations of passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000172
<GroupDescription></GroupDescription>Group -
The application must transmit only cryptographically-protected passwords.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule High Severity -
SRG-APP-000173
<GroupDescription></GroupDescription>Group -
The application must enforce 24 hours/1 day as the minimum password lifetime.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000174
<GroupDescription></GroupDescription>Group -
The application must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000165
<GroupDescription></GroupDescription>Group -
The application must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity -
SRG-APP-000397
<GroupDescription></GroupDescription>Group -
The application must allow the use of a temporary password for system logons with an immediate change to a permanent password.
<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replaceme...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.