STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-5 (1) — Authenticator Management

CCI-004063

Definition

For password-based authentication, require immediate selection of a new password upon account recovery.

Parent Control

IA-5 (1)Authenticator ManagementIdentification and Authentication

Linked STIG Checks (24)

V-263535CAT IIFor password-based authentication, AAA Services must be configured to require immediate selection of a new password upon account recovery.AAA Services Security Requirements Guide V-272627CAT IIICylanceON-PREM must be configured to use a third-party identity provider.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-263578CAT IIThe Central Log Server must for password-based authentication, require immediate selection of a new password upon account recovery.Central Log Server Security Requirements Guide V-242633CAT IIThe Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.Cisco ISE NDM Security Technical Implementation Guide V-263595CAT IIThe container platform must for password-based authentication, require immediate selection of a new password upon account recovery.Container Platform Security Requirements Guide V-263614CAT IIThe DBMS must, for password-based authentication, require immediate selection of a new password upon account recovery.Database Security Requirements Guide V-263637CAT IIThe DNS server implementation must, for password-based authentication, require immediate selection of a new password upon account recovery.Domain Name System (DNS) Security Requirements Guide V-230952CAT IIForescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.Forescout Network Device Management Security Technical Implementation Guide V-263654CAT IIThe operating system must for password-based authentication, require immediate selection of a new password upon account recovery.General Purpose Operating System Security Requirements Guide V-223958CAT IICA-TSS ACID creation must use the EXP option.IBM z/OS TSS Security Technical Implementation Guide V-258600CAT IThe ICS must be configured to prevent nonprivileged users from executing privileged functions.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253941CAT IThe Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-223206CAT IIThe Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-263679CAT IIThe Mainframe Product must, for password-based authentication, require immediate selection of a new password upon account recovery.Mainframe Product Security Requirements Guide V-276276CAT IIAzure SQL Server Managed Instance must, for password-based authentication, require immediate selection of a new password upon account recovery.Microsoft Azure SQL Managed Instance Security Technical Implementation Guide V-271400CAT IISQL Server must, for password-based authentication, require immediate selection of a new password upon account recovery.Microsoft SQL Server 2022 Instance Security Technical Implementation Guide V-270588CAT IIOracle Database must, for password-based authentication, require immediate selection of a new password upon account recovery.Oracle Database 19c Security Technical Implementation Guide V-275466CAT IIIThe Riverbed NetIM must be configured to require immediate selection of a new password upon account recovery for password-based authentication.Riverbed NetIM NDM Security Technical Implementation Guide V-281379CAT IIFor password-based authentication, TCMax must require immediate selection of a new password upon account recovery.Soaring Software Solutions TCMax 9.x Security Technical Implementation Guide V-242254CAT IThe TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-264319CAT IIThe VMM must for password-based authentication, require immediate selection of a new password upon account recovery.Virtual Machine Manager Security Requirements Guide V-264350CAT IIThe web server must, for password-based authentication, require immediate selection of a new password upon account recovery.Web Server Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide