STIGhub
STIGs
RMF Controls
Compare
← IA-5 (1) — Authenticator Management
CCI-000199
Definition
The information system enforces maximum password lifetime restrictions.
Parent Control
IA-5 (1)
Authenticator Management
Identification and Authentication
Linked STIG Checks (90)
V-76495
CAT II
The Akamai Luna Portal must enforce a 60-day maximum password lifetime restriction.
Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide
V-252521
CAT II
The macOS system must enforce a 60-day maximum password lifetime restriction.
Apple macOS 12 (Monterey) Security Technical Implementation Guide
V-257227
CAT II
The macOS system must enforce a 60-day maximum password lifetime restriction.
Apple macOS 13 (Ventura) Security Technical Implementation Guide
V-222545
CAT II
The application must enforce a 60-day maximum password lifetime restriction.
Application Security and Development Security Technical Implementation Guide
V-237321
CAT I
The ArcGIS Server must use Windows authentication for supporting account management functions.
ArcGIS for Server 10.3 Security Technical Implementation Guide
V-256842
CAT II
Compliance Guardian must provide automated mechanisms for supporting account management functions.
AvePoint Compliance Guardian Security Technical Implementation Guide
V-38710
CAT III
BlackBerry PlayBook OS must enforce a maximum lifetime of 120 days for the device unlock password (password age).
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide
V-219179
CAT III
The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
V-238203
CAT III
The Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
V-260546
CAT II
Ubuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
V-269405
CAT II
Passwords for existing users must have a 60-day maximum password lifetime restriction in /etc/shadow.
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-269406
CAT II
Passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs.
Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide
V-255559
CAT II
The DBN-6300 must enforce a 60-day maximum password lifetime restriction.
DBN-6300 NDM Security Technical Implementation Guide
V-270955
CAT II
The Dragos Platform must configure local password policies.
Dragos Platform 2.x Security Technical Implementation Guide
V-228991
CAT II
The BIG-IP appliance must be configured to enforce a 60-day maximum password lifetime restriction.
F5 BIG-IP Device Management Security Technical Implementation Guide
V-255648
CAT II
CounterACT must enforce a 60-day maximum password lifetime restriction.
ForeScout CounterACT NDM Security Technical Implementation Guide
V-230169
CAT II
The HP FlexFabric Switch must enforce a 60-day maximum password lifetime restriction.
HP FlexFabric Switch NDM Security Technical Implementation Guide
V-215223
CAT II
AIX Operating systems must enforce a 60-day maximum password lifetime restriction.
IBM AIX 7.x Security Technical Implementation Guide
V-252568
CAT II
IBM Aspera Console user account passwords must have a 60-day maximum password lifetime restriction.
IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252586
CAT II
IBM Aspera Faspex user account passwords must have a 60-day maximum password lifetime restriction.
IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-252603
CAT II
IBM Aspera Shares user account passwords must have a 60-day maximum password lifetime restriction.
IBM Aspera Platform 4.2 Security Technical Implementation Guide
V-24358
CAT II
The PASSWORD expiration day(s) value must be set to equal or less then 60 days.
IBM Hardware Management Console (HMC) STIG
V-255745
CAT II
Authorization for access to the MQ Appliance network device must enforce a 60-day maximum password lifetime restriction.
IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
V-237912
CAT II
CA VM:Secure product AUTOEXP record in the Security Config File must be properly set.
IBM zVM Using CA VM:Secure Security Technical Implementation Guide
V-213895
CAT II
If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.
MS SQL Server 2014 Instance Security Technical Implementation Guide
V-74197
CAT II
The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy.
McAfee Application Control 7.x Security Technical Implementation Guide
V-220716
CAT II
Accounts must be configured to require password expiration.
Microsoft Windows 10 Security Technical Implementation Guide
V-220743
CAT II
The maximum password age must be configured to 60 days or less.
Microsoft Windows 10 Security Technical Implementation Guide
V-220952
CAT II
Passwords for enabled local Administrator accounts must be changed at least every 60 days.
Microsoft Windows 10 Security Technical Implementation Guide
V-253273
CAT II
Accounts must be configured to require password expiration.
Microsoft Windows 11 Security Technical Implementation Guide
V-253301
CAT II
The maximum password age must be configured to 60 days or less.
Microsoft Windows 11 Security Technical Implementation Guide
V-253476
CAT II
Passwords for enabled local Administrator accounts must be changed at least every 60 days.
Microsoft Windows 11 Security Technical Implementation Guide
V-224820
CAT II
Passwords for the built-in Administrator account must be changed at least every 60 days.
Microsoft Windows Server 2016 Security Technical Implementation Guide
V-224839
CAT II
Passwords must be configured to expire.
Microsoft Windows Server 2016 Security Technical Implementation Guide
V-224870
CAT II
Windows Server 2016 maximum password age must be configured to 60 days or less.
Microsoft Windows Server 2016 Security Technical Implementation Guide
V-205657
CAT II
Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days.
Microsoft Windows Server 2019 Security Technical Implementation Guide
V-205658
CAT II
Windows Server 2019 passwords must be configured to expire.
Microsoft Windows Server 2019 Security Technical Implementation Guide
V-205659
CAT II
Windows Server 2019 maximum password age must be configured to 60 days or less.
Microsoft Windows Server 2019 Security Technical Implementation Guide
V-254239
CAT II
Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.
Microsoft Windows Server 2022 Security Technical Implementation Guide
V-254258
CAT II
Windows Server 2022 passwords must be configured to expire.
Microsoft Windows Server 2022 Security Technical Implementation Guide
V-254289
CAT II
Windows Server 2022 maximum password age must be configured to 60 days or less.
Microsoft Windows Server 2022 Security Technical Implementation Guide
V-254219
CAT II
Nutanix AOS must enforce a 60-day maximum password lifetime restriction.
Nutanix AOS 5.20.x OS Security Technical Implementation Guide
V-237733
CAT II
Procedures for establishing temporary passwords that meet DoD password requirements for new accounts must be defined, documented, and implemented.
Oracle Database 12c Security Technical Implementation Guide
V-237735
CAT II
The DBMS must enforce password maximum lifetime restrictions.
Oracle Database 12c Security Technical Implementation Guide
V-221683
CAT II
The Oracle Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.
Oracle Linux 7 Security Technical Implementation Guide
V-221684
CAT II
The Oracle Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
Oracle Linux 7 Security Technical Implementation Guide
V-248696
CAT II
OL 8 user account passwords must have a 60-day maximum password lifetime restriction.
Oracle Linux 8 Security Technical Implementation Guide
V-248697
CAT II
OL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
Oracle Linux 8 Security Technical Implementation Guide
V-253523
CAT II
Access to Prisma Cloud Compute must be managed based on user need and least privileged using external identity providers for authentication and grouping to role-based assignments when possible.
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
V-252843
CAT I
Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.
Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
V-204420
CAT II
The Red Hat Enterprise Linux operating system must be configured so that passwords for new users are restricted to a 60-day maximum lifetime.
Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-204421
CAT II
The Red Hat Enterprise Linux operating system must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
Red Hat Enterprise Linux 7 Security Technical Implementation Guide
V-230366
CAT II
RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.
Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-230367
CAT II
RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
Red Hat Enterprise Linux 8 Security Technical Implementation Guide
V-258041
CAT II
RHEL 9 user account passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs.
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-258042
CAT II
RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction.
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
V-257543
CAT I
OpenShift must use FIPS validated LDAP or OpenIDConnect.
Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
V-254093
CAT I
Innoslate must use multifactor authentication for network access to privileged and non-privileged accounts.
SPEC Innovations Innoslate 4.x Security Technical Implementation Guide
V-261389
CAT II
SLEM 5 must employ user passwords with a maximum lifetime of 60 days.
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-261395
CAT II
SLEM 5 must be configured to create or update passwords with a maximum lifetime of 60 days.
SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
V-217130
CAT II
The SUSE operating system must be configured to create or update passwords with a maximum lifetime of 60 days.
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-217131
CAT II
The SUSE operating system must employ user passwords with a maximum lifetime of 60 days.
SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
V-11977
CAT II
All non-interactive/automated processing account passwords must be changed at least once per year or be locked.
SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
V-216321
CAT II
User passwords must be changed at least every 60 days.
Solaris 11 SPARC Security Technical Implementation Guide
V-216086
CAT II
User passwords must be changed at least every 60 days.
Solaris 11 X86 Security Technical Implementation Guide
V-221634
CAT III
Splunk Enterprise must enforce a 60-day maximum password lifetime restriction for the account of last resort.
Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
V-251687
CAT III
Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction.
Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
V-254913
CAT II
The Tanium application must enforce a 60-day maximum password lifetime restriction.
Tanium 7.x Application on TanOS Security Technical Implementation Guide
V-254844
CAT II
The Tanium Operating System (TanOS) must enforce a 60-day maximum password lifetime restriction.
Tanium 7.x Operating System on TanOS Security Technical Implementation Guide
V-213320
CAT II
The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy.
Trellix Application Control 8.x Security Technical Implementation Guide
V-241139
CAT II
Trend Deep Security must enforce a 60-day maximum password lifetime restriction.
Trend Micro Deep Security 9.x Security Technical Implementation Guide
V-253067
CAT II
TOSS must enforce a 60-day maximum password lifetime restriction.
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
V-69187
CAT II
The NSX vCenter must enforce a 60-day maximum password lifetime restriction.
VMware NSX Manager Security Technical Implementation Guide
V-240402
CAT II
SLES for vRealize must enforce a 60-day maximum password lifetime restriction.
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
V-240403
CAT II
User passwords must be changed at least every 60 days.
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
V-239499
CAT II
SLES for vRealize must enforce a 60-day maximum password lifetime restriction.
VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
V-239500
CAT II
User passwords must be changed at least every 60 days.
VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
V-256505
CAT II
The Photon operating system must be configured so that passwords for new users are restricted to a 90-day maximum lifetime.
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
V-256332
CAT II
The vCenter Server must enforce a 60-day maximum password lifetime restriction.
VMware vSphere 7.0 vCenter Security Technical Implementation Guide
V-258821
CAT II
The Photon operating systems must enforce a 90-day maximum password lifetime restriction.
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
V-258918
CAT II
The vCenter Server must enforce a 90-day maximum password lifetime restriction.
VMware vSphere 8.0 vCenter Security Technical Implementation Guide
V-73223
CAT II
Passwords for the built-in Administrator account must be changed at least every 60 days.
Windows Server 2016 Security Technical Implementation Guide
V-73223
CAT II
Passwords for the built-in Administrator account must be changed at least every 60 days.
Windows Server 2016 Security Technical Implementation Guide
V-73263
CAT II
Passwords must be configured to expire.
Windows Server 2016 Security Technical Implementation Guide
V-73263
CAT II
Passwords must be configured to expire.
Windows Server 2016 Security Technical Implementation Guide
V-73317
CAT II
Windows Server 2016 maximum password age must be configured to 60 days or less.
Windows Server 2016 Security Technical Implementation Guide
V-73317
CAT II
Windows Server 2016 maximum password age must be configured to 60 days or less.
Windows Server 2016 Security Technical Implementation Guide
V-93473
CAT II
Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days.
Windows Server 2019 Security Technical Implementation Guide
V-93475
CAT II
Windows Server 2019 passwords must be configured to expire.
Windows Server 2019 Security Technical Implementation Guide
V-93477
CAT II
Windows Server 2019 maximum password age must be configured to 60 days or less.
Windows Server 2019 Security Technical Implementation Guide