STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-5 (1) — Authenticator Management

CCI-000192

Definition

The information system enforces password complexity by the minimum number of upper case characters used.

Parent Control

IA-5 (1)Authenticator ManagementIdentification and Authentication

Linked STIG Checks (118)

V-76487CAT IIIf multifactor authentication is not supported and passwords must be used, the Akamai Luna Portal must enforce password complexity by requiring that at least one upper-case character be used.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-274161CAT IIAmazon Linux 2023 must ensure the password complexity module is enabled in the password-auth file.Amazon Linux 2023 Security Technical Implementation Guide V-222537CAT IIThe application must enforce password complexity by requiring that at least one uppercase character be used.Application Security and Development Security Technical Implementation Guide V-237321CAT IThe ArcGIS Server must use Windows authentication for supporting account management functions.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272627CAT IIICylanceON-PREM must be configured to use a third-party identity provider.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-38707CAT IIBlackBerry PlayBook OS must disallow the device unlock password from containing fewer than a specified minimum number of upper case alphabetic characters, lower case alphabetic characters, and numeric characters.BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide V-251613CAT IIDBMS authentication using passwords must be avoided.CA IDMS Security Technical Implementation Guide V-219172CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238221CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260560CAT IIUbuntu 22.04 LTS must enforce password complexity by requiring at least one uppercase character be used.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-239915CAT IIThe Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco ASA NDM Security Technical Implementation Guide V-220590CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco IOS Switch NDM Security Technical Implementation Guide V-215827CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco IOS XE Router NDM Security Technical Implementation Guide V-242646CAT IIFor accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one uppercase character be used.Cisco ISE NDM Security Technical Implementation Guide V-220489CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco NX OS Switch NDM Security Technical Implementation Guide V-255554CAT IIIf multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one upper-case character be used.DBN-6300 NDM Security Technical Implementation Guide V-270955CAT IIThe Dragos Platform must configure local password policies.Dragos Platform 2.x Security Technical Implementation Guide V-224166CAT IIf DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DoD standards for password complexity and lifetime.EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide V-217399CAT IIIf multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must enforce password complexity by requiring that at least one upper-case character be used.F5 BIG-IP Device Management Security Technical Implementation Guide V-266088CAT IIThe F5 BIG-IP appliance must enforce password complexity by requiring that at least one uppercase character be used.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-255659CAT IIIf multifactor authentication is not supported and passwords must be used, CounterACT must enforce password complexity by requiring that at least one upper-case character be used.ForeScout CounterACT NDM Security Technical Implementation Guide V-230963CAT IIForescout must enforce password complexity by requiring that at least one uppercase character be used.Forescout Network Device Management Security Technical Implementation Guide V-234204CAT IIThe FortiGate device must enforce password complexity by requiring that at least one uppercase character be used.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-217453CAT IIIf multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one uppercase character be used.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266932CAT IIAOS must enforce password complexity by requiring that at least one uppercase character be used.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-215217CAT IAIX must enforce password complexity by requiring that at least one upper-case character be used.IBM AIX 7.x Security Technical Implementation Guide V-252564CAT IIIBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252583CAT IIIBM Aspera Faspex must require password complexity features to be enabled.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-252601CAT IIIBM Aspera Shares must require password complexity features to be enabled.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-65095CAT IIIf multifactor authentication is not supported and passwords must be used, the DataPower Gateway must enforce password complexity by requiring that at least one upper-case character be used.IBM DataPower Network Device Management Security Technical Implementation Guide V-24360CAT IIThe password values must be set to meet the requirements in accordance with DoDI 8500.2 for DoD information systems processing sensitive information and above, and CJCSI 6510.01E (INFORMATION ASSURANCE (IA) AND COMPUTER NETWORK DEFENSE (CND)).IBM Hardware Management Console (HMC) STIG V-255741CAT IIThe MQ Appliance network device must enforce password complexity by requiring that at least one upper-case character be used.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-237914CAT IIIBM zVM CA VM:Secure product PASSWORD user exit must be in use.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-251409CAT IIThe Ivanti MobileIron Core server must enforce password complexity by requiring that at least one uppercase character be used.Ivanti MobileIron Core MDM Server Security Technical Implementation Guide V-250990CAT IIMobileIron Sentry must enforce password complexity by requiring that at least one upper-case character be used.Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide V-250990CAT IISentry must enforce password complexity by requiring that at least one uppercase character be used.Ivanti Sentry 9.x NDM Security Technical Implementation Guide V-217324CAT IIThe Juniper router must be configured to enforce password complexity by requiring that at least one uppercase character be used.Juniper Router NDM Security Technical Implementation Guide V-66517CAT IIFor local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.Juniper SRX SG NDM Security Technical Implementation Guide V-66519CAT IIFor local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one upper-case character be used.Juniper SRX SG NDM Security Technical Implementation Guide V-223218CAT IIFor local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-223219CAT IIFor local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one uppercase character be used.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-213894CAT IIIf SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity.MS SQL Server 2014 Instance Security Technical Implementation Guide V-213964CAT IIf DBMS authentication using passwords is employed, SQL Server must enforce the DOD standards for password complexity and lifetime.MS SQL Server 2016 Instance Security Technical Implementation Guide V-213965CAT IIContained databases must use Windows principals.MS SQL Server 2016 Instance Security Technical Implementation Guide V-253695CAT IIf MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DOD standards for password complexity.MariaDB Enterprise 10.x Security Technical Implementation Guide V-253696CAT IIIf MariaDB authentication using passwords is employed, MariaDB must enforce the DOD standards for password lifetime.MariaDB Enterprise 10.x Security Technical Implementation Guide V-220364CAT IIIf MarkLogic Server authentication using passwords is employed, MarkLogic Server must enforce the DOD standards for password complexity and lifetime.MarkLogic Server v9 Security Technical Implementation Guide V-276303CAT IIf DBMS authentication using passwords is employed, Azure SQL Managed Instance must enforce the DOD standards for password complexity and lifetime.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-276304CAT IIAzure SQL Server Managed Instance contained databases must use Microsoft Entra or native Windows principals.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-220746CAT IIThe built-in Microsoft password complexity filter must be enabled.Microsoft Windows 10 Security Technical Implementation Guide V-253304CAT IIThe built-in Microsoft password complexity filter must be enabled.Microsoft Windows 11 Security Technical Implementation Guide V-224873CAT IIWindows Server 2016 must have the built-in Windows password complexity policy enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205652CAT IIWindows Server 2019 must have the built-in Windows password complexity policy enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254292CAT IIWindows Server 2022 must have the built-in Windows password complexity policy enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-221169CAT IIf DBMS authentication using passwords is employed, MongoDB must enforce the DoD standards for password complexity and lifetime.MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide V-252158CAT IIf passwords are used for authentication, MongoDB must implement LDAP or Kerberos for authentication to enforce the DoD standards for password complexity and lifetime.MongoDB Enterprise Advanced 4.x Security Technical Implementation Guide V-246952CAT IIONTAP must enforce password complexity by requiring that at least one uppercase character be used.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-254208CAT IINutanix AOS must enforce password complexity by requiring that at least one uppercase character be used.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-238461CAT IIThe DBMS must support organizational requirements to enforce minimum password length.Oracle Database 11.2g Security Technical Implementation Guide V-238462CAT IIThe DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations.Oracle Database 11.2g Security Technical Implementation Guide V-238463CAT IIThe DBMS must support organizational requirements to enforce password complexity by the number of upper-case characters used.Oracle Database 11.2g Security Technical Implementation Guide V-238464CAT IIThe DBMS must support organizational requirements to enforce password complexity by the number of lower-case characters used.Oracle Database 11.2g Security Technical Implementation Guide V-238465CAT IIThe DBMS must support organizational requirements to enforce password complexity by the number of numeric characters used.Oracle Database 11.2g Security Technical Implementation Guide V-238466CAT IIThe DBMS must support organizational requirements to enforce password complexity by the number of special characters used.Oracle Database 11.2g Security Technical Implementation Guide V-238467CAT IIThe DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.Oracle Database 11.2g Security Technical Implementation Guide V-238468CAT IIProcedures for establishing temporary passwords that meet DoD password requirements for new accounts must be defined, documented, and implemented.Oracle Database 11.2g Security Technical Implementation Guide V-238470CAT IIThe DBMS must enforce password maximum lifetime restrictions.Oracle Database 11.2g Security Technical Implementation Guide V-237728CAT IIThe DBMS must support organizational requirements to enforce password complexity by the number of upper-case characters used.Oracle Database 12c Security Technical Implementation Guide V-270561CAT IIOracle Database must enforce the DOD standards for password complexity.Oracle Database 19c Security Technical Implementation Guide V-270562CAT IIProcedures for establishing temporary passwords that meet DOD password requirements for new accounts must be defined, documented, and implemented.Oracle Database 19c Security Technical Implementation Guide V-270563CAT IIOracle Database must enforce password maximum lifetime restrictions.Oracle Database 19c Security Technical Implementation Guide V-221667CAT IIThe Oracle Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.Oracle Linux 7 Security Technical Implementation Guide V-221668CAT IIThe Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.Oracle Linux 7 Security Technical Implementation Guide V-221669CAT IIThe Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.Oracle Linux 7 Security Technical Implementation Guide V-248687CAT IIIOL 8 must enforce password complexity by requiring that at least one uppercase character be used.Oracle Linux 8 Security Technical Implementation Guide V-235137CAT IIf Database Management System (DBMS) authentication using passwords is employed, the DBMS must enforce the DOD standards for password complexity and lifetime.Oracle MySQL 8.0 Security Technical Implementation Guide V-235967CAT IIOracle WebLogic must enforce password complexity by the number of upper-case characters used.Oracle WebLogic Server 12c Security Technical Implementation Guide V-228650CAT IIIf multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one uppercase character be used.Palo Alto Networks NDM Security Technical Implementation Guide V-253538CAT IIPrisma Cloud Compute local accounts must enforce strong password requirements.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-252843CAT IRancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-204405CAT IIThe Red Hat Enterprise Linux operating system must be configured so that /etc/pam.d/passwd implements /etc/pam.d/system-auth when changing passwords.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204406CAT IIThe Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-204407CAT IIThe Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230357CAT IIRHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-258091CAT IIRHEL 9 must ensure the password complexity module in the system-auth file is configured for three retries or less.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258097CAT IIRHEL 9 must ensure the password complexity module is enabled in the password-auth file.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258101CAT IIRHEL 9 must enforce password complexity rules for the root account.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258111CAT IIRHEL 9 must enforce password complexity by requiring that at least one uppercase character be used.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257543CAT IOpenShift must use FIPS validated LDAP or OpenIDConnect.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-251428CAT IIIf DBMS authentication using passwords is employed, Redis Enterprise DBMS must enforce the DOD standards for password complexity and lifetime.Redis Enterprise 6.x Security Technical Implementation Guide V-261377CAT IISLEM 5 must enforce passwords that contain at least one uppercase character.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217117CAT IIThe SUSE operating system must enforce passwords that contain at least one upper-case character.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-11948CAT IIThe system must require passwords contain at least one uppercase alphabetic character.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-34936CAT IIGlobal settings defined in common-{account,auth,password,session} must be applied in the pam.d definition files.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216327CAT IIThe system must require passwords to contain at least one uppercase alphabetic character.Solaris 11 SPARC Security Technical Implementation Guide V-216092CAT IIThe system must require passwords to contain at least one uppercase alphabetic character.Solaris 11 X86 Security Technical Implementation Guide V-221629CAT IIISplunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one uppercase character be used.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251681CAT IIISplunk Enterprise must be configured to enforce password complexity by requiring that at least one uppercase character be used.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-241135CAT IITrend Deep Security must enforce password complexity by requiring that at least one upper-case character be used.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242239CAT IIThe TippingPoint SMS must enforce password complexity by requiring that at least one uppercase character be used.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-253060CAT IITOSS must enforce password complexity by requiring that at least one uppercase character be used.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-265317CAT IIThe NSX Manager must enforce password complexity by requiring that at least one uppercase character be used for local accounts.VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-69179CAT IIIf multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one upper-case character be used.VMware NSX Manager Security Technical Implementation Guide V-240393CAT IIThe SLES for vRealize must enforce password complexity by requiring that at least one upper-case character be used.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-240394CAT IIGlobal settings defined in common- {account,auth,password,session} must be applied in the pam.d definition files.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239491CAT IIThe SLES for vRealize must enforce password complexity by requiring that at least one upper-case character be used.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-239492CAT IIGlobal settings defined in common- {account,auth,password,session} must be applied in the pam.d definition files.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256397CAT IIThe ESXi host must be configured with a sufficiently complex password policy.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256498CAT IIThe Photon operating system must enforce password complexity by requiring that at least one uppercase character be used.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256327CAT IIThe vCenter Server passwords must contain at least one uppercase character.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258734CAT IIThe ESXi host must enforce password complexity by configuring a password quality policy.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258814CAT IIThe Photon operating system must enforce password complexity by requiring that at least one uppercase character be used.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258863CAT IIThe Photon operating system must be configured to use the pam_pwquality.so module.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258913CAT IIThe vCenter Server passwords must contain at least one uppercase character.VMware vSphere 8.0 vCenter Security Technical Implementation Guide V-73323CAT IIWindows Server 2016 must have the built-in Windows password complexity policy enabled.Windows Server 2016 Security Technical Implementation Guide V-73323CAT IIWindows Server 2016 must have the built-in Windows password complexity policy enabled.Windows Server 2016 Security Technical Implementation Guide V-93459CAT IIWindows Server 2019 must have the built-in Windows password complexity policy enabled.Windows Server 2019 Security Technical Implementation Guide