STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-5 (1) — Authenticator Management

CCI-004065

Definition

For password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.

Parent Control

IA-5 (1)Authenticator ManagementIdentification and Authentication

Linked STIG Checks (39)

V-263537CAT IIFor password-based authentication, AAA Services must be configured to employ automated tools to assist the user in selecting strong password authenticators.AAA Services Security Requirements Guide V-268547CAT IIThe macOS system must require that passwords contain a minimum of one lowercase character and one uppercase character.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277155CAT IIThe macOS system must require that passwords contain a minimum of one lowercase character and one uppercase character.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-272627CAT IIICylanceON-PREM must be configured to use a third-party identity provider.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-270726CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one uppercase character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270727CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one lowercase character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270728CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one numeric character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270729CAT IIUbuntu 24.04 LTS must require the change of at least eight characters when passwords are changed.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270730CAT IIUbuntu 24.04 LTS must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270731CAT IIUbuntu 24.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270732CAT IIUbuntu 24.04 LTS must enforce a minimum 15-character password length.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270733CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-263580CAT IIThe Central Log Server must for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Central Log Server Security Requirements Guide V-271958CAT IIThe Cisco ACI must be configured to allow user selection of long passwords and passphrases, including spaces and all printable characters, for password-based authentication.Cisco ACI NDM Security Technical Implementation Guide V-242633CAT IIThe Cisco ISE must be configured to use an external authentication server to authenticate administrators prior to granting administrative access.Cisco ISE NDM Security Technical Implementation Guide V-263597CAT IIThe container platform must for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Container Platform Security Requirements Guide V-263616CAT IIThe DBMS must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Database Security Requirements Guide V-263639CAT IIThe DNS server implementation must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Domain Name System (DNS) Security Requirements Guide V-230952CAT IIForescout must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.Forescout Network Device Management Security Technical Implementation Guide V-263656CAT IIThe operating system must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.General Purpose Operating System Security Requirements Guide V-223477CAT IICA-ACF2 must prevent the use of dictionary words for passwords.IBM z/OS ACF2 Security Technical Implementation Guide V-223500CAT IICA-ACF2 must enforce password complexity by requiring that at least one special character be used.IBM z/OS ACF2 Security Technical Implementation Guide V-223504CAT IIACF2 PSWD GSO record value must be set to require the change of at least 50 percent of the total number of characters when passwords are changed.IBM z/OS ACF2 Security Technical Implementation Guide V-223508CAT IIACF2 PSWD GSO record value must be set to prohibit password reuse for a minimum of five generations or more.IBM z/OS ACF2 Security Technical Implementation Guide V-252705CAT IIIBM z/OS must enforce a minimum eight character password length.IBM z/OS ACF2 Security Technical Implementation Guide V-223724CAT IIIBM RACF PASSWORD(RULEn) SETROPTS value(s) must be properly set.IBM z/OS RACF Security Technical Implementation Guide V-223885CAT IIThe CA-TSS NEWPHRASE and PPSCHAR Control Options must be properly set.IBM z/OS TSS Security Technical Implementation Guide V-223886CAT IIThe CA-TSS NEWPW control options must be properly set.IBM z/OS TSS Security Technical Implementation Guide V-258600CAT IThe ICS must be configured to prevent nonprivileged users from executing privileged functions.Ivanti Connect Secure NDM Security Technical Implementation Guide V-253941CAT IThe Juniper EX switch must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.Juniper EX Series Switches Network Device Management Security Technical Implementation Guide V-223206CAT IIThe Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access.Juniper SRX Services Gateway NDM Security Technical Implementation Guide V-263681CAT IIThe Mainframe Product must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Mainframe Product Security Requirements Guide V-281187CAT IIRHEL 10 must require the maximum number of repeating characters of the same character class to be limited to four when passwords are changed.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-275656CAT IIUbuntu OS must be configured so that when passwords are changed or new passwords are established, pwquality must be used.Riverbed NetIM OS Security Technical Implementation Guide V-242254CAT IThe TippingPoint SMS must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access and to enforce access restrictions.Trend Micro TippingPoint NDM Security Technical Implementation Guide V-264321CAT IIThe VMM must for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Virtual Machine Manager Security Requirements Guide V-264352CAT IIThe web server must, for password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.Web Server Security Requirements Guide V-269574CAT IXylok Security Suite must use a centralized user management solution.Xylok Security Suite 20.x Security Technical Implementation Guide