STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

CCI-000205

Definition

The information system enforces minimum password length.

Parent Control

IA-5 (1) Authenticator Management (Identification and Authentication)

Linked STIG Checks (121)

Each entry: Vulnerability ID | Severity | Requirement | STIG

  • V-76485 | CAT II | The Akamai Luna Portal must enforce a minimum 15-character password length. | Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide
  • V-250929 | CAT II | Apple iOS/iPadOS 15 must be configured to enforce a minimum password length of six characters. | Apple iOS/iPadOS 15 Security Technical Implementation Guide
  • V-257107 | CAT II | Apple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters. | Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide
  • V-259763 | CAT II | Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters. | Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-258320 | CAT II | Apple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters. | Apple iOS/iPadOS 17 Security Technical Implementation Guide
  • V-252523 | CAT II | The macOS system must enforce a minimum 15-character password length. | Apple macOS 12 (Monterey) Security Technical Implementation Guide
  • V-257229 | CAT II | The macOS system must enforce a minimum 15-character password length. | Apple macOS 13 (Ventura) Security Technical Implementation Guide
  • V-222536 | CAT I | The application must enforce a minimum 15-character password length. | Application Security and Development Security Technical Implementation Guide
  • V-237321 | CAT I | The ArcGIS Server must use Windows authentication for supporting account management functions. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-272627 | CAT III | CylanceON-PREM must be configured to use a third-party identity provider. | Arctic Wolf CylanceON-PREM Security Technical Implementation Guide
  • V-217355 | CAT II | The Arista Multilayer Switch account of last resort must have a password with a length of 15 characters. | Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide
  • V-255954 | CAT II | The Arista network device must enforce a minimum 15-character password length. | Arista MLS EOS 4.2x NDM Security Technical Implementation Guide
  • V-255954 | CAT II | The Arista network device must enforce a minimum 15-character password length. | Arista MLS EOS 4.X NDM Security Technical Implementation Guide
  • V-256842 | CAT II | Compliance Guardian must provide automated mechanisms for supporting account management functions. | AvePoint Compliance Guardian Security Technical Implementation Guide
  • V-38712 | CAT II | BlackBerry PlayBook OS must enforce a minimum length for the work area password. | BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide
  • V-38737 | CAT III | BlackBerry PlayBook OS must enforce a minimum length for the device unlock password. | BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide
  • V-255506 | CAT II | The CA API Gateway must enforce a minimum 15-character password length. | CA API Gateway NDM Security Technical Implementation Guide
  • V-219181 | CAT II | The Ubuntu operating system must enforce a minimum 15-character password length. | Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide
  • V-238225 | CAT II | The Ubuntu operating system must enforce a minimum 15-character password length. | Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide
  • V-260565 | CAT II | Ubuntu 22.04 LTS must enforce a minimum 15-character password length. | Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide
  • V-239914 | CAT II | The Cisco ASA must be configured to enforce a minimum 15-character password length. | Cisco ASA NDM Security Technical Implementation Guide
  • V-220589 | CAT II | The Cisco switch must be configured to enforce a minimum 15-character password length. | Cisco IOS Switch NDM Security Technical Implementation Guide
  • V-215826 | CAT II | The Cisco router must be configured to enforce a minimum 15-character password length. | Cisco IOS XE Router NDM Security Technical Implementation Guide
  • V-242645 | CAT II | For accounts using password authentication, the Cisco ISE must enforce a minimum 15-character password length. | Cisco ISE NDM Security Technical Implementation Guide
  • V-255552 | CAT II | The DBN-6300 must enforce a minimum 15-character password length. | DBN-6300 NDM Security Technical Implementation Guide
  • V-270955 | CAT II | The Dragos Platform must configure local password policies. | Dragos Platform 2.x Security Technical Implementation Guide
  • V-217398 | CAT II | The BIG-IP appliance must be configured to enforce a minimum 15-character password length. | F5 BIG-IP Device Management Security Technical Implementation Guide
  • V-266087 | CAT II | The F5 BIG-IP appliance must enforce a minimum 15-character password length. | F5 BIG-IP TMOS NDM Security Technical Implementation Guide
  • V-255644 | CAT II | CounterACT must enforce a minimum 15-character password length. | ForeScout CounterACT NDM Security Technical Implementation Guide
  • V-230965 | CAT II | Forescout must enforce a minimum 15-character password length. | Forescout Network Device Management Security Technical Implementation Guide
  • V-234203 | CAT II | The FortiGate device must enforce a minimum 15-character password length. | Fortinet FortiGate Firewall NDM Security Technical Implementation Guide
  • V-258476 | CAT II | Google Android 13 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters. | Google Android 13 BYOAD Security Technical Implementation Guide
  • V-254765 | CAT II | Google Android 13 must be configured to enforce a minimum password length of six characters. | Google Android 13 COPE Security Technical Implementation Guide
  • V-260126 | CAT II | Google Android 14 must be configured to enforce a minimum password length of six characters and not allow passwords that include more than four repeating or sequential characters. | Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-217452 | CAT II | The HP FlexFabric Switch must enforce a minimum 15-character password length. | HP FlexFabric Switch NDM Security Technical Implementation Guide
  • V-237828 | CAT II | The storage system must require passwords contain a minimum of 15 characters, after an administrator has set the minimum password length to that value. | HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide
  • V-266931 | CAT II | AOS must enforce a minimum 15-character password length. | HPE Aruba Networking AOS NDM Security Technical Implementation Guide
  • V-235035 | CAT II | The Honeywell Mobility Edge Android Pie device must be configured to enforce a minimum password length of six characters. | Honeywell Android 9.x COBO Security Technical Implementation Guide
  • V-259714 | CAT II | The Honeywell Mobility Edge Android Pie device must be configured to enforce a minimum password length of six characters. | Honeywell Android 9.x COPE Security Technical Implementation Guide
  • V-215225 | CAT I | AIX must use Loadable Password Algorithm (LPA) password hashing algorithm. | IBM AIX 7.x Security Technical Implementation Guide
  • V-215226 | CAT I | AIX must enforce a minimum 15-character password length. | IBM AIX 7.x Security Technical Implementation Guide
  • V-252564 | CAT II | IBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol. | IBM Aspera Platform 4.2 Security Technical Implementation Guide
  • V-65091 | CAT II | The DataPower Gateway must enforce a minimum 15-character password length. | IBM DataPower Network Device Management Security Technical Implementation Guide
  • V-255739 | CAT II | The MQ Appliance network device must enforce a minimum 15-character password length. | IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide
  • V-237914 | CAT II | IBM zVM CA VM:Secure product PASSWORD user exit must be in use. | IBM zVM Using CA VM:Secure Security Technical Implementation Guide
  • V-251407 | CAT II | The Ivanti MobileIron Core server must enforce a minimum 15-character password length. | Ivanti MobileIron Core MDM Server Security Technical Implementation Guide
  • V-250989 | CAT II | MobileIron Sentry device must enforce a minimum 15-character password length. | Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide
  • V-250989 | CAT II | Sentry device must enforce a minimum 15-character password length. | Ivanti Sentry 9.x NDM Security Technical Implementation Guide
  • V-253904 | CAT II | The Juniper EX switch must be configured to enforce a minimum 15-character password length. | Juniper EX Series Switches Network Device Management Security Technical Implementation Guide
  • V-217323 | CAT II | The Juniper router must be configured to enforce a minimum 15-character password length. | Juniper Router NDM Security Technical Implementation Guide
  • V-66515 | CAT II | For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce a minimum 15-character password length. | Juniper SRX SG NDM Security Technical Implementation Guide
  • V-223217 | CAT II | For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce a minimum 15-character password length. | Juniper SRX Services Gateway NDM Security Technical Implementation Guide
  • V-213894 | CAT II | If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity. | MS SQL Server 2014 Instance Security Technical Implementation Guide
  • V-220745 | CAT II | Passwords must, at a minimum, be 14 characters. | Microsoft Windows 10 Security Technical Implementation Guide
  • V-253303 | CAT II | Passwords must, at a minimum, be 14 characters. | Microsoft Windows 11 Security Technical Implementation Guide
  • V-224823 | CAT II | Manually managed application account passwords must be at least 14 characters in length. | Microsoft Windows Server 2016 Security Technical Implementation Guide
  • V-224872 | CAT II | Windows Server 2016 minimum password length must be configured to 14 characters. | Microsoft Windows Server 2016 Security Technical Implementation Guide
  • V-205661 | CAT II | Windows Server 2019 manually managed application account passwords must be at least 14 characters in length. | Microsoft Windows Server 2019 Security Technical Implementation Guide
  • V-205662 | CAT II | Windows Server 2019 minimum password length must be configured to 14 characters. | Microsoft Windows Server 2019 Security Technical Implementation Guide
  • V-254242 | CAT II | Windows Server 2022 manually managed application account passwords must be at least 14 characters in length. | Microsoft Windows Server 2022 Security Technical Implementation Guide
  • V-254291 | CAT II | Windows Server 2022 minimum password length must be configured to 14 characters. | Microsoft Windows Server 2022 Security Technical Implementation Guide
  • V-246951 | CAT II | ONTAP must enforce a minimum 15-character password length. | NetApp ONTAP DSC 9.x Security Technical Implementation Guide
  • V-243134 | CAT II | The password configured on the WLAN access point for key generation and client access must be set to a 15-character or longer complex password as required by USCYBERCOM CTO 07-15 Rev1. | Network WLAN AP-IG Management Security Technical Implementation Guide
  • V-243135 | CAT II | The network device must enforce a minimum 15-character password length. | Network WLAN AP-IG Management Security Technical Implementation Guide
  • V-243153 | CAT II | The network device must enforce a minimum 15-character password length. | Network WLAN AP-NIPR Management Security Technical Implementation Guide
  • V-243171 | CAT II | The network device must enforce a minimum 15-character password length. | Network WLAN Bridge Management Security Technical Implementation Guide
  • V-243189 | CAT II | The network device must enforce a minimum 15-character password length. | Network WLAN Controller Management Security Technical Implementation Guide
  • V-254211 | CAT II | Nutanix AOS must enforce a minimum 15 character password length. | Nutanix AOS 5.20.x OS Security Technical Implementation Guide
  • V-237726 | CAT II | The DBMS must support organizational requirements to enforce minimum password length. | Oracle Database 12c Security Technical Implementation Guide
  • V-221686 | CAT II | The Oracle Linux operating system must be configured so that passwords are a minimum of 15 characters in length. | Oracle Linux 7 Security Technical Implementation Guide
  • V-248699 | CAT II | OL 8 passwords must have a minimum of 15 characters. | Oracle Linux 8 Security Technical Implementation Guide
  • V-235966 | CAT II | Oracle WebLogic must enforce minimum password length. | Oracle WebLogic Server 12c Security Technical Implementation Guide
  • V-228648 | CAT II | If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce a minimum 15-character password length. | Palo Alto Networks NDM Security Technical Implementation Guide
  • V-253538 | CAT II | Prisma Cloud Compute local accounts must enforce strong password requirements. | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
  • V-252843 | CAT I | Rancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process. | Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide
  • V-204423 | CAT II | The Red Hat Enterprise Linux operating system must be configured so that passwords are a minimum of 15 characters in length. | Red Hat Enterprise Linux 7 Security Technical Implementation Guide
  • V-230369 | CAT II | RHEL 8 passwords must have a minimum of 15 characters. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-230370 | CAT II | RHEL 8 passwords for new users must have a minimum of 15 characters. | Red Hat Enterprise Linux 8 Security Technical Implementation Guide
  • V-258101 | CAT II | RHEL 9 must enforce password complexity rules for the root account. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-258107 | CAT II | RHEL 9 passwords must be created with a minimum of 15 characters. | Red Hat Enterprise Linux 9 Security Technical Implementation Guide
  • V-257543 | CAT I | OpenShift must use FIPS validated LDAP or OpenIDConnect. | Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide
  • V-275465 | CAT II | The Riverbed NetIM must enforce a minimum 15-character password length. | Riverbed NetIM NDM Security Technical Implementation Guide
  • V-261382 | CAT II | SLEM 5 must employ passwords with a minimum of 15 characters. | SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide
  • V-217127 | CAT II | The SUSE operating system must employ passwords with a minimum of 15 characters. | SUSE Linux Enterprise Server 12 Security Technical Implementation Guide
  • V-11947 | CAT II | The system must require passwords contain a minimum of 15 characters. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-22302 | CAT II | The system must enforce compliance of the entire password during authentification. | SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide
  • V-260442 | CAT II | Samsung Android must be configured to enforce a minimum password length of six characters. | Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-255111 | CAT II | Samsung Android must be configured to enforce a minimum password length of six characters. | Samsung Android OS 13 with Knox 3.x COBO Security Technical Implementation Guide
  • V-255141 | CAT II | Samsung Android must be configured to enforce a minimum password length of six characters. | Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide
  • V-258630 | CAT II | Samsung Android must be configured to enforce a minimum password length of six characters. | Samsung Android OS 14 with Knox 3.x COBO Security Technical Implementation Guide
  • V-258667 | CAT II | Samsung Android must be configured to enforce a minimum password length of six characters. | Samsung Android OS 14 with Knox 3.x COPE Security Technical Implementation Guide
  • V-245527 | CAT II | The Samsung SDS EMM local accounts password must be configured with length of 15 characters. | Samsung SDS EMM Security Technical Implementation Guide
  • V-216324 | CAT II | User passwords must be at least 15 characters in length. | Solaris 11 SPARC Security Technical Implementation Guide
  • V-216089 | CAT II | User passwords must be at least 15 characters in length. | Solaris 11 X86 Security Technical Implementation Guide
  • V-221632 | CAT II | Splunk Enterprise must enforce a minimum 15-character password length for the account of last resort. | Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
  • V-251684 | CAT III | Splunk Enterprise must be configured to enforce a minimum 15-character password length. | Splunk Enterprise 8.x for Linux Security Technical Implementation Guide
  • V-94701 | CAT II | Symantec ProxySG must be configured to enforce a minimum 15-character password length for local accounts. | Symantec ProxySG NDM Security Technical Implementation Guide
  • V-254910 | CAT II | The Tanium application must enforce a minimum 15-character password length. | Tanium 7.x Application on TanOS Security Technical Implementation Guide
  • V-254846 | CAT II | The Tanium Operating System (TanOS) must enforce a minimum 15-character password length. | Tanium 7.x Operating System on TanOS Security Technical Implementation Guide
  • V-241134 | CAT II | Trend Deep Security must enforce a minimum 15-character password length. | Trend Micro Deep Security 9.x Security Technical Implementation Guide
  • V-242238 | CAT II | The TippingPoint SMS must enforce a minimum 15-character password length. | Trend Micro TippingPoint NDM Security Technical Implementation Guide
  • V-253069 | CAT II | TOSS must enforce a minimum 15-character password length. | Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
  • V-265316 | CAT II | The NSX Manager must enforce a minimum 15-character password length for local accounts. | VMware NSX 4.x Manager NDM Security Technical Implementation Guide
  • V-69175 | CAT II | The NSX vCenter must enforce a minimum 15-character password length. | VMware NSX Manager Security Technical Implementation Guide
  • V-251780 | CAT II | The NSX-T Manager must enforce a minimum 15-character password length. | VMware NSX-T Manager NDM Security Technical Implementation Guide
  • V-251259 | CAT I | The Workspace ONE UEM local accounts password must be configured with length of 15 characters. | VMware Workspace ONE UEM Security Technical Implementation Guide
  • V-240406 | CAT II | The SLES for vRealize must enforce a minimum 15-character password length. | VMware vRealize Automation 7.x SLES Security Technical Implementation Guide
  • V-239503 | CAT II | The SLES for vRealize must enforce a minimum 15-character password length. | VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide
  • V-256397 | CAT II | The ESXi host must be configured with a sufficiently complex password policy. | VMware vSphere 7.0 ESXi Security Technical Implementation Guide
  • V-256507 | CAT II | The Photon operating system must enforce a minimum eight-character password length. | VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide
  • V-256325 | CAT II | The vCenter Server passwords must be at least 15 characters in length. | VMware vSphere 7.0 vCenter Security Technical Implementation Guide
  • V-258734 | CAT II | The ESXi host must enforce password complexity by configuring a password quality policy. | VMware vSphere 8.0 ESXi Security Technical Implementation Guide
  • V-258823 | CAT II | The Photon operating system must enforce a minimum 15-character password length. | VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide
  • V-258911 | CAT II | The vCenter Server passwords must be at least 15 characters in length. | VMware vSphere 8.0 vCenter Security Technical Implementation Guide
  • V-73229 | CAT II | Manually managed application account passwords must be at least 15 characters in length. | Windows Server 2016 Security Technical Implementation Guide
  • V-73229 | CAT II | Manually managed application account passwords must be at least 15 characters in length. | Windows Server 2016 Security Technical Implementation Guide
  • V-73321 | CAT II | Windows Server 2016 minimum password length must be configured to 14 characters. | Windows Server 2016 Security Technical Implementation Guide
  • V-73321 | CAT II | Windows Server 2016 minimum password length must be configured to 14 characters. | Windows Server 2016 Security Technical Implementation Guide
  • V-93461 | CAT II | Windows Server 2019 manually managed application account passwords must be at least 15 characters in length. | Windows Server 2019 Security Technical Implementation Guide
  • V-93463 | CAT II | Windows Server 2019 minimum password length must be configured to 14 characters. | Windows Server 2019 Security Technical Implementation Guide
  • V-252850 | CAT II | Zebra Android 11 must be configured to enforce a minimum password length of six characters. | Zebra Android 11 COBO Security Technical Implementation Guide