
STIGhub


CCI-000195

Definition

The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Parent Control

IA-5 (1) | Authenticator Management | Identification and Authentication

Linked STIG Checks (70)

Vuln ID | Severity | Rule title | STIG

  • V-259764 | CAT II | Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters. | Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-258321 | CAT II | Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters. | Apple iOS/iPadOS 17 Security Technical Implementation Guide
  • V-222541 | CAT II | The application must require the change of at least eight of the total number of characters when passwords are changed. | Application Security and Development Security Technical Implementation Guide
  • V-237321 | CAT I | The ArcGIS Server must use Windows authentication for supporting account management functions. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-272627 | CAT III | CylanceON-PREM must be configured to use a third-party identity provider. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
  • V-256842 | CAT II | Compliance Guardian must provide automated mechanisms for supporting account management functions. | AvePoint Compliance Guardian Security Technical Implementation Guide
  • V-255507 | CAT II | If multifactor authentication is not supported and passwords must be used, the CA API Gateway must require that when a password is changed, the characters are changed in at least 8 of the positions within the password. | CA API Gateway NDM Security Technical Implementation Guide
  • V-219175 | CAT III | The Ubuntu operating system must require the change of at least 8 characters when passwords are changed. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
  • V-238224 | CAT III | The Ubuntu operating system must require the change of at least 8 characters when passwords are changed. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
  • V-260566 | CAT II | Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-239919 | CAT II | The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Cisco ASA NDM Security Technical Implementation Guide
  • V-220594 | CAT II | The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Cisco IOS Switch NDM Security Technical Implementation Guide
  • V-215831 | CAT II | The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Cisco IOS XE Router NDM Security Technical Implementation Guide
  • V-270910 | CAT II | Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes. | Dragos Platform 2.x Security Technical Implementation Guide
  • V-217403 | CAT II | If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password. | F5 BIG-IP Device Management Security Technical Implementation Guide
  • V-266092 | CAT II | The F5 BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
  • V-230968 | CAT III | Forescout must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Forescout Network Device Management Security Technical Implementation Guide
  • V-234221 | CAT II | The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
  • V-266967 | CAT II | AOS must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
  • V-215220 | CAT I | AIX must require the change of at least 50% of the total number of characters when passwords are changed. | IBM AIX 7.x Security Technical Implementation Guide
  • V-237914 | CAT II | IBM zVM CA VM:Secure product PASSWORD user exit must be in use. | IBM zVM Using CA VM:Secure Security Technical Implementation Guide
  • V-253909 | CAT II | The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
  • V-213894 | CAT II | If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity. | MS SQL Server 2014 Instance Security Technical Implementation Guide
  • V-254213 | CAT II | Nutanix AOS must require the change of at least 50 percent of the total number of characters when passwords are changed. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-254214 | CAT II | Nutanix AOS must require the change of at least four character classes when passwords are changed. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-254215 | CAT II | Nutanix AOS must require the maximum number of repeating characters be limited to three when passwords are changed. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-254216 | CAT II | Nutanix AOS must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-237732 | CAT II | The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed. | Oracle Database 12c Security Technical Implementation Guide
  • V-221673 | CAT II | The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed. | Oracle Linux 7 Security Technical Implementation Guide
  • V-221674 | CAT II | The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed. | Oracle Linux 7 Security Technical Implementation Guide
  • V-221675 | CAT II | The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | Oracle Linux 7 Security Technical Implementation Guide
  • V-221676 | CAT II | The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters. | Oracle Linux 7 Security Technical Implementation Guide
  • V-248690 | CAT II | OL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248691 | CAT II | OL 8 must require the maximum number of repeating characters be limited to three when passwords are changed. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248692 | CAT II | OL 8 must require the change of at least four character classes when passwords are changed. | Oracle Linux 8 Security Technical Implementation Guide
  • V-248693 | CAT III | OL 8 must require the change of at least eight characters when passwords are changed. | Oracle Linux 8 Security Technical Implementation Guide
  • V-228654 | CAT II | If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must require that when a password is changed, the characters are changed in at least 8 of the positions within the password. | Palo Alto Networks NDM Security Technical Implementation Guide
  • V-253523 | CAT II | Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
  • V-252843 | CAT I | Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
  • V-204411 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204412 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204413 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-204414 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-230360 | CAT II | RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-230361 | CAT II | RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-230362 | CAT II | RHEL 8 must require the change of at least four character classes when passwords are changed. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-230363 | CAT II | RHEL 8 must require the change of at least 8 characters when passwords are changed. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-258101 | CAT II | RHEL 9 must enforce password complexity rules for the root account. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258112 | CAT II | RHEL 9 must require the change of at least eight characters when passwords are changed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258113 | CAT II | RHEL 9 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258114 | CAT II | RHEL 9 must require the maximum number of repeating characters be limited to three when passwords are changed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258115 | CAT II | RHEL 9 must require the change of at least four character classes when passwords are changed. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-257543 | CAT I | OpenShift must use FIPS validated LDAP or OpenIDConnect. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
  • V-254093 | CAT I | Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts. | SPEC Innovations Innoslate 4.x Security Technical Implementation Guide
  • V-261383 | CAT II | SLEM 5 must require the change of at least eight of the total number of characters when passwords are changed. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217121 | CAT II | The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-22306 | CAT II | The system must require at least eight characters be changed between the old and new passwords during a password change. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-260441 | CAT II | Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters. | Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-258628 | CAT II | Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters. | Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide
  • V-258665 | CAT II | Samsung Android must be configured to not allow passwords that include more than four repeating or sequential characters. | Samsung Android OS 14 with Knox 3.x COPE Security Technical Implementation Guide
  • V-216326 | CAT II | The system must require at least eight characters be changed between the old and new passwords during a password change. | Solaris 11 SPARC Security Technical Implementation Guide
  • V-216091 | CAT II | The system must require at least eight characters be changed between the old and new passwords during a password change. | Solaris 11 X86 Security Technical Implementation Guide
  • V-253063 | CAT II | TOSS must require the change of at least eight characters when passwords are changed. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-265321 | CAT II | The NSX Manager must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | VMware NSX 4.x Manager NDM Security Technical Implementation Guide
  • V-240397 | CAT I | The SLES for vRealize must require the change of at least eight of the total number of characters when passwords are changed. | VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
  • V-239495 | CAT II | The SLES for vRealize must require the change of at least eight of the total number of characters when passwords are changed. | VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
  • V-256397 | CAT II | The ESXi host must be configured with a sufficiently complex password policy. | VMware vSphere 7.0 ESXi Security Technical Implementation Guide
  • V-256501 | CAT II | The Photon operating system must require that new passwords are at least four characters different from the old password. | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-258734 | CAT II | The ESXi host must enforce password complexity by configuring a password quality policy. | VMware vSphere 8.0 ESXi Security Technical Implementation Guide
  • V-258817 | CAT II | The Photon operating system must require the change of at least eight characters when passwords are changed. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide