STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-5 (1) — Authenticator Management

CCI-001619

Definition

The information system enforces password complexity by the minimum number of special characters used.

Parent Control

IA-5 (1)Authenticator ManagementIdentification and Authentication

Linked STIG Checks (78)

V-76493CAT IIIf multifactor authentication is not supported and passwords must be used, the Akamai Luna Portal must enforce password complexity by requiring that at least one special character be used.Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide V-252524CAT IIThe macOS system must enforce password complexity by requiring that at least one special character be used.Apple macOS 12 (Monterey) Security Technical Implementation Guide V-257230CAT IIThe macOS system must enforce password complexity by requiring that at least one special character be used.Apple macOS 13 (Ventura) Security Technical Implementation Guide V-222540CAT IIThe application must enforce password complexity by requiring that at least one special character be used.Application Security and Development Security Technical Implementation Guide V-237321CAT IThe ArcGIS Server must use Windows authentication for supporting account management functions.ArcGIS for Server 10.3 Security Technical Implementation Guide V-272627CAT IIICylanceON-PREM must be configured to use a third-party identity provider.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-256842CAT IICompliance Guardian must provide automated mechanisms for supporting account management functions.AvePoint Compliance Guardian Security Technical Implementation Guide V-219210CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238226CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260563CAT IIUbuntu 22.04 LTS must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-239918CAT IIThe Cisco ASA must be configured to enforce password complexity by requiring that at least one special character be used.Cisco ASA NDM Security Technical Implementation Guide V-220593CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.Cisco IOS Switch NDM Security Technical Implementation Guide V-215830CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.Cisco IOS XE Router NDM Security Technical Implementation Guide V-242649CAT IIFor accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one special character be used.Cisco ISE NDM Security Technical Implementation Guide V-220492CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.Cisco NX OS Switch NDM Security Technical Implementation Guide V-255557CAT IIIf multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one special character be used.DBN-6300 NDM Security Technical Implementation Guide V-270955CAT IIThe Dragos Platform must configure local password policies.Dragos Platform 2.x Security Technical Implementation Guide V-217402CAT IIIf multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must enforce password complexity by requiring that at least one special character be used.F5 BIG-IP Device Management Security Technical Implementation Guide V-266091CAT IIThe F5 BIG-IP appliance must enforce password complexity by requiring that at least one special character be used.F5 BIG-IP TMOS NDM Security Technical Implementation Guide V-255647CAT IICounterACT must enforce password complexity by requiring that at least one special character be used.ForeScout CounterACT NDM Security Technical Implementation Guide V-230967CAT IIForescout must enforce password complexity by requiring that at least one special character be used.Forescout Network Device Management Security Technical Implementation Guide V-234207CAT IIThe FortiGate device must enforce password complexity by requiring that at least one special character be used.Fortinet FortiGate Firewall NDM Security Technical Implementation Guide V-217456CAT IIIf multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one special character be used.HP FlexFabric Switch NDM Security Technical Implementation Guide V-266935CAT IIAOS must enforce password complexity by requiring that at least one special character be used.HPE Aruba Networking AOS NDM Security Technical Implementation Guide V-215227CAT IIAIX must enforce password complexity by requiring that at least one special character be used.IBM AIX 7.x Security Technical Implementation Guide V-252564CAT IIIBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol.IBM Aspera Platform 4.2 Security Technical Implementation Guide V-65101CAT IIIf multifactor authentication is not supported and passwords must be used, the DataPower Gateway must enforce password complexity by requiring that at least one special character be used.IBM DataPower Network Device Management Security Technical Implementation Guide V-255744CAT IIThe MQ Appliance network device must enforce password complexity by requiring that at least one special character be used.IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide V-237914CAT IIIBM zVM CA VM:Secure product PASSWORD user exit must be in use.IBM zVM Using CA VM:Secure Security Technical Implementation Guide V-251412CAT IIThe Ivanti MobileIron Core server must enforce password complexity by requiring that at least one special character be used.Ivanti MobileIron Core MDM Server Security Technical Implementation Guide V-250993CAT IIMobileIron Sentry must enforce password complexity by requiring that at least one special character be used.Ivanti MobileIron Sentry 9.x NDM Security Technical Implementation Guide V-250993CAT IISentry must enforce password complexity by requiring that at least one special character be used.Ivanti Sentry 9.x NDM Security Technical Implementation Guide V-253908CAT IIThe Juniper EX switch must be configured to enforce password complexity by requiring that at least one punctuation (special) character be used.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-217327CAT IIThe Juniper router must be configured to enforce password complexity by requiring that at least one special character be used.Juniper Router NDM Security Technical Implementation Guide V-66525CAT IIFor local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one special character be used.Juniper SRX SG NDM Security Technical Implementation Guide V-223222CAT IIFor local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by requiring at least one special character be used.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-213894CAT IIIf SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity.MS SQL Server 2014 Instance Security Technical Implementation Guide V-74221CAT IIThe Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organizations written policy.McAfee Application Control 7.x Security Technical Implementation Guide V-220746CAT IIThe built-in Microsoft password complexity filter must be enabled.Microsoft Windows 10 Security Technical Implementation Guide V-224873CAT IIWindows Server 2016 must have the built-in Windows password complexity policy enabled.Microsoft Windows Server 2016 Security Technical Implementation Guide V-205652CAT IIWindows Server 2019 must have the built-in Windows password complexity policy enabled.Microsoft Windows Server 2019 Security Technical Implementation Guide V-254292CAT IIWindows Server 2022 must have the built-in Windows password complexity policy enabled.Microsoft Windows Server 2022 Security Technical Implementation Guide V-246955CAT IIONTAP must enforce password complexity by requiring that at least one special character be used.NetApp ONTAP DSC 9.x Security Technical Implementation Guide V-254212CAT IINutanix AOS must enforce password complexity by requiring that at least one special character be used.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-237731CAT IIThe DBMS must support organizational requirements to enforce password complexity by the number of special characters used.Oracle Database 12c Security Technical Implementation Guide V-221672CAT IIThe Oracle Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one special character.Oracle Linux 7 Security Technical Implementation Guide V-248709CAT IIIAll OL 8 passwords must contain at least one special character.Oracle Linux 8 Security Technical Implementation Guide V-235970CAT IIOracle WebLogic must enforce password complexity by the number of special characters used.Oracle WebLogic Server 12c Security Technical Implementation Guide V-228653CAT IIIf multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must enforce password complexity by requiring that at least one special character be used.Palo Alto Networks NDM Security Technical Implementation Guide V-253538CAT IIPrisma Cloud Compute local accounts must enforce strong password requirements.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-252843CAT IRancher MCM must use a centralized user management solution to support account management functions. For accounts using password authentication, the container platform must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.Rancher Government Solutions Multi-Cluster Manager Security Technical Implementation Guide V-204410CAT IIThe Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one special character.Red Hat Enterprise Linux 7 Security Technical Implementation Guide V-230375CAT IIAll RHEL 8 passwords must contain at least one special character.Red Hat Enterprise Linux 8 Security Technical Implementation Guide V-258101CAT IIRHEL 9 must enforce password complexity rules for the root account.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-258109CAT IIRHEL 9 must enforce password complexity by requiring that at least one special character be used.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257543CAT IOpenShift must use FIPS validated LDAP or OpenIDConnect.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-254093CAT IInnoslate must use multifactor authentication for network access to privileged and non-privileged accounts.SPEC Innovations Innoslate 4.x Security Technical Implementation Guide V-261380CAT IISLEM 5 must enforce passwords that contain at least one special character.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217120CAT IIThe SUSE operating system must enforce passwords that contain at least one special character.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-11973CAT IIThe system must require passwords contain at least one special character.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide V-216330CAT IIThe system must require passwords to contain at least one special character.Solaris 11 SPARC Security Technical Implementation Guide V-216095CAT IIThe system must require passwords to contain at least one special character.Solaris 11 X86 Security Technical Implementation Guide V-221633CAT IIISplunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one special character be used.Splunk Enterprise 7.x for Windows Security Technical Implementation Guide V-251685CAT IIISplunk Enterprise must be configured to enforce password complexity by requiring that at least one special character be used.Splunk Enterprise 8.x for Linux Security Technical Implementation Guide V-213318CAT IIThe Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organizations written policy.Trellix Application Control 8.x Security Technical Implementation Guide V-241138CAT IITrend Deep Security must enforce password complexity by requiring that at least one special character be used.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242242CAT IIThe TippingPoint SMS must enforce password complexity by requiring that at least one special character be used.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-253087CAT IITOSS must enforce password complexity by requiring that at least one special character be used.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-265320CAT IIThe NSX Manager must enforce password complexity by requiring that at least one special character be used for local accounts.VMware NSX 4.x Manager NDM Security Technical Implementation Guide V-69185CAT IIIf multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one special character be used.VMware NSX Manager Security Technical Implementation Guide V-240496CAT IIThe SLES for vRealize must enforce password complexity by requiring that at least one special character be used.VMware vRealize Automation 7.x SLES Security Technical Implementation Guide V-239585CAT IIThe SLES for vRealize must enforce password complexity by requiring that at least one special character be used.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-256397CAT IIThe ESXi host must be configured with a sufficiently complex password policy.VMware vSphere 7.0 ESXi Security Technical Implementation Guide V-256524CAT IIThe Photon operating system must enforce password complexity by requiring that at least one special character be used.VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide V-256330CAT IIThe vCenter Server passwords must contain at least one special character.VMware vSphere 7.0 vCenter Security Technical Implementation Guide V-258734CAT IIThe ESXi host must enforce password complexity by configuring a password quality policy.VMware vSphere 8.0 ESXi Security Technical Implementation Guide V-258838CAT IIThe Photon operating system must enforce password complexity by requiring that at least one special character be used.VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide V-258916CAT IIThe vCenter Server passwords must contain at least one special character.VMware vSphere 8.0 vCenter Security Technical Implementation Guide