STIGhub
STIGs
RMF Controls
Compare
← IA-5 (1) — Authenticator Management
CCI-000198
Definition
The information system enforces minimum password lifetime restrictions.
Parent Control
IA-5 (1)
Authenticator Management
Identification and Authentication
Linked STIG Checks (55)
V-222544
CAT II
The application must enforce 24 hours/1 day as the minimum password lifetime.
Application Security and Development Security Technical Implementation Guide
V-237321
CAT I
The ArcGIS Server must use Windows authentication for supporting account management functions.
ArcGIS for Server 10.3 Security Technical Implementation Guide
V-272627
CAT III
CylanceON-PREM must be configured to use a third-party identity provider.
Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
V-256842
CAT II
Compliance Guardian must provide automated mechanisms for supporting account management functions.
AvePoint Compliance Guardian Security Technical Implementation Guide
V-219178
CAT III
The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238202
CAT III
The Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.
Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260545
CAT II
Ubuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction.
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-269407
CAT II
Passwords for existing users must have a 24-hour minimum password lifetime restriction in /etc/shadow.
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269408
CAT II
Passwords for new users or password changes must have a 24-hour minimum password lifetime restriction in /etc/login.defs.
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-255558
CAT II
The DBN-6300 must enforce 24 hours/1 day as the minimum password lifetime.
DBN-6300 NDM Security Technical Implementation Guide
V-270910
CAT II
Dragos Platform must use an Identity Provider (IDP) for authentication and authorization processes.
Dragos Platform 2.x Security Technical Implementation Guide
V-228990
CAT II
The BIG-IP appliance must be configured to enforce 24 hours/1 day as the minimum password lifetime.
F5 BIG-IP Device Management Security Technical Implementation Guide
V-230168
CAT II
The HP FlexFabric Switch must enforce 24 hours/1 day as the minimum password lifetime.
HP FlexFabric Switch NDM Security Technical Implementation Guide
V-215222
CAT II
AIX Operating systems must enforce 24 hours/1 day as the minimum password lifetime.
IBM AIX 7.x Security Technical Implementation Guide
V-237914
CAT II
IBM zVM CA VM:Secure product PASSWORD user exit must be in use.
IBM zVM Using CA VM:Secure Security Technical Implementation Guide
V-213895
CAT II
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.
MS SQL Server 2014 Instance Security Technical Implementation Guide
V-220744
CAT II
The minimum password age must be configured to at least 1 day.
Microsoft Windows 10 Security Technical Implementation Guide
V-253302
CAT II
The minimum password age must be configured to at least 1 day.
Microsoft Windows 11 Security Technical Implementation Guide
V-224871
CAT II
Windows Server 2016 minimum password age must be configured to at least one day.
Microsoft Windows Server 2016 Security Technical Implementation Guide
V-205656
CAT II
Windows Server 2019 minimum password age must be configured to at least one day.
Microsoft Windows Server 2019 Security Technical Implementation Guide
V-254290
CAT II
Windows Server 2022 minimum password age must be configured to at least one day.
Microsoft Windows Server 2022 Security Technical Implementation Guide
V-254218
CAT II
Nutanix AOS must enforce 24 hours/1 day as the minimum password lifetime.
Nutanix AOS 5.20.x OS Security Technical Implementation Guide
V-221681
CAT II
The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 24 hours/1 day minimum lifetime.
Oracle Linux 7 Security Technical Implementation Guide
V-221682
CAT II
The Oracle Linux operating system must be configured so that passwords are restricted to a 24 hours/1 day minimum lifetime.
Oracle Linux 7 Security Technical Implementation Guide
V-248694
CAT II
OL 8 passwords for new users or password changes must have a 24 hours/one day minimum password lifetime restriction in "/etc/shadow".
Oracle Linux 8 Security Technical Implementation Guide
V-248695
CAT II
OL 8 passwords for new users or password changes must have a 24 hours/one day minimum password lifetime restriction in "/etc/login.defs".
Oracle Linux 8 Security Technical Implementation Guide
V-253523
CAT II
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
V-252843
CAT I
Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
V-204418
CAT II
The Red Hat Enterprise Linux operating system must be configured so that passwords for new users are restricted to a 24 hours/1 day minimum lifetime.
Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-204419
CAT II
The Red Hat Enterprise Linux operating system must be configured so that passwords are restricted to a 24 hours/1 day minimum lifetime.
Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-230364
CAT II
RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.
Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230365
CAT II
RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/login.defs.
Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-258104
CAT II
RHEL 9 passwords for new users or password changes must have a 24 hours minimum password lifetime restriction in /etc/login.defs.
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258105
CAT II
RHEL 9 passwords must have a 24 hours minimum password lifetime restriction in /etc/shadow.
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257543
CAT I
OpenShift must use FIPS validated LDAP or OpenIDConnect.
Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V-254093
CAT I
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
SPEC Innovations Innoslate 4.x Security Technical Implementation Guide
V-261388
CAT II
SLEM 5 must employ user passwords with a minimum lifetime of 24 hours (one day).
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-261394
CAT II
SLEM 5 must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217128
CAT II
The SUSE operating system must be configured to create or update passwords with a minimum lifetime of 24 hours (one day).
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-217129
CAT II
The SUSE operating system must employ user passwords with a minimum lifetime of 24 hours (one day).
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-1032
CAT II
Users must not be able to change passwords more than once every 24 hours.
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-216323
CAT II
The operating system must enforce minimum password lifetime restrictions.
Solaris 11 SPARC Security Technical Implementation Guide
V-216088
CAT II
The operating system must enforce minimum password lifetime restrictions.
Solaris 11 X86 Security Technical Implementation Guide
V-254912
CAT II
Tanium must enforce 24 hours/one day as the minimum password lifetime.
Tanium 7.x Application on TanOS Security Technical Implementation Guide
V-254843
CAT II
The Tanium Operating System (TanOS) must enforce 24 hours/one day as the maximum password lifetime.
Tanium 7.x Operating System on TanOS Security Technical Implementation Guide
V-253066
CAT II
TOSS must enforce 24 hours/one day as the minimum password lifetime.
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-240400
CAT II
SLES for vRealize must enforce 24 hours/1 day as the minimum password lifetime.
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
V-240401
CAT II
Users must not be able to change passwords more than once every 24 hours.
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
V-239497
CAT II
SLES for vRealize must enforce 24 hours/1 day as the minimum password lifetime.
VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
V-239498
CAT II
Users must not be able to change passwords more than once every 24 hours.
VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
V-256504
CAT II
The Photon operating system must be configured so that passwords for new users are restricted to a 24-hour minimum lifetime.
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
V-258820
CAT II
The Photon operating system must enforce one day as the minimum password lifetime.
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
V-73319
CAT II
Windows Server 2016 minimum password age must be configured to at least one day.
Windows Server 2016 Security Technical Implementation Guide
V-73319
CAT II
Windows Server 2016 minimum password age must be configured to at least one day.
Windows Server 2016 Security Technical Implementation Guide
V-93471
CAT II
Windows Server 2019 minimum password age must be configured to at least one day.
Windows Server 2019 Security Technical Implementation Guide