STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← IA-5 (1) — Authenticator Management

CCI-004066

Definition

For password-based authentication, enforce organization-defined composition and complexity rules.

Parent Control

IA-5 (1)Authenticator ManagementIdentification and Authentication

Linked STIG Checks (200)

V-204664CAT IIAAA Services must be configured to enforce a minimum 15-character password length.AAA Services Security Requirements Guide V-204666CAT IIAAA Services must be configured to enforce password complexity by requiring that at least one uppercase character be used.AAA Services Security Requirements Guide V-204667CAT IIAAA Services must be configured to enforce password complexity by requiring that at least one lowercase character be used.AAA Services Security Requirements Guide V-204668CAT IIAAA Services must be configured to enforce password complexity by requiring that at least one numeric character be used.AAA Services Security Requirements Guide V-204669CAT IIAAA Services must be configured to enforce password complexity by requiring that at least one special character be used.AAA Services Security Requirements Guide V-204670CAT IIAAA Services must be configured to require the change of at least eight of the total number of characters when passwords are changed.AAA Services Security Requirements Guide V-204673CAT IIAAA Services must be configured to enforce 24 hours as the minimum password lifetime.AAA Services Security Requirements Guide V-204674CAT IIAAA Services must be configured to enforce a 60-day maximum password lifetime restriction.AAA Services Security Requirements Guide V-274133CAT IIAmazon Linux 2023 must enforce password complexity by requiring that at least one uppercase character be used.Amazon Linux 2023 Security Technical Implementation Guide V-274134CAT IIAmazon Linux 2023 must enforce password complexity by requiring that at least one lowercase character be used.Amazon Linux 2023 Security Technical Implementation Guide V-274135CAT IIAmazon Linux 2023 must enforce password complexity by requiring that at least one numeric character be used.Amazon Linux 2023 Security Technical Implementation Guide V-274136CAT IIAmazon Linux 2023 must require the change of at least 50 percent of the total number of characters when passwords are changed.Amazon Linux 2023 Security Technical Implementation Guide V-274137CAT IIAmazon Linux 2023 must enforce a minimum 15-character password length.Amazon Linux 2023 Security Technical Implementation Guide V-274138CAT IIAmazon Linux 2023 must enforce password complexity by requiring that at least one special character be used.Amazon Linux 2023 Security Technical Implementation Guide V-274139CAT IIAmazon Linux 2023 must enforce password complexity rules for the root account.Amazon Linux 2023 Security Technical Implementation Guide V-274143CAT IIAmazon Linux 2023 must enforce 24 hours/1 day as the minimum password lifetime.Amazon Linux 2023 Security Technical Implementation Guide V-274148CAT IIAmazon Linux 2023 must be able to enforce a 60-day maximum password lifetime restriction.Amazon Linux 2023 Security Technical Implementation Guide V-274161CAT IIAmazon Linux 2023 must ensure the password complexity module is enabled in the password-auth file.Amazon Linux 2023 Security Technical Implementation Guide V-268126CAT IINixOS must enforce password complexity by requiring that at least one uppercase character be used.Anduril NixOS Security Technical Implementation Guide V-268127CAT IINixOS must enforce password complexity by requiring that at least one lowercase character be used.Anduril NixOS Security Technical Implementation Guide V-268128CAT IINixOS must enforce password complexity by requiring that at least one numeric character be used.Anduril NixOS Security Technical Implementation Guide V-268129CAT IINixOS must require the change of at least 50 percent of the total number of characters when passwords are changed.Anduril NixOS Security Technical Implementation Guide V-268132CAT IINixOS must enforce 24 hours/one day as the minimum password lifetime.Anduril NixOS Security Technical Implementation Guide V-268133CAT IINixOS must enforce a 60-day maximum password lifetime restriction.Anduril NixOS Security Technical Implementation Guide V-268134CAT IINixOS must enforce a minimum 15-character password length.Anduril NixOS Security Technical Implementation Guide V-268145CAT IINixOS must enforce password complexity by requiring that at least one special character be used.Anduril NixOS Security Technical Implementation Guide V-254588CAT IIApple iOS/iPadOS 16 must be configured to enforce a minimum password length of six characters.Apple iOS-iPadOS 16 Security Technical Implementation Guide V-258320CAT IIApple iOS/iPadOS 17 must be configured to enforce a minimum password length of six characters.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-258321CAT IIApple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.Apple iOS/iPadOS 17 Security Technical Implementation Guide V-267987CAT IIApple iOS/iPadOS 18 must be configured to enforce a minimum password length of six characters.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-267988CAT IIApple iOS/iPadOS 18 must be configured to not allow passwords that include more than four repeating or sequential characters.Apple iOS/iPadOS 18 Security Technical Implementation Guide V-278747CAT IIApple iOS/iPadOS 26 must be configured to enforce a minimum password length of six characters.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-278748CAT IIApple iOS/iPadOS 26 must be configured to not allow passwords that include more than four repeating or sequential characters.Apple iOS/iPadOS 26 Security Technical Implementation Guide V-259537CAT IIThe macOS system must require passwords contain a minimum of one numeric character.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259538CAT IIThe macOS system must restrict maximum password lifetime to 60 days.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259540CAT IIThe macOS system must require a minimum password length of 14 characters.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259541CAT IIThe macOS system must require passwords contain a minimum of one special character.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259550CAT IIThe macOS system must require passwords contain a minimum of one lowercase character and one uppercase character.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-259551CAT IIThe macOS system must set minimum password lifetime to 24 hours.Apple macOS 14 (Sonoma) Security Technical Implementation Guide V-268535CAT IIThe macOS system must require that passwords contain a minimum of one numeric character.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268536CAT IIThe macOS system must restrict maximum password lifetime to 60 days.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268537CAT IIThe macOS system must require a minimum password length of 14 characters.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268538CAT IIThe macOS system must require that passwords contain a minimum of one special character.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268547CAT IIThe macOS system must require that passwords contain a minimum of one lowercase character and one uppercase character.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-268548CAT IIThe macOS system must set minimum password lifetime to 24 hours.Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277144CAT IIThe macOS system must require that passwords contain a minimum of one numeric character.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277145CAT IIThe macOS system must restrict maximum password lifetime to 60 days.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277146CAT IIThe macOS system must require a minimum password length of 14 characters.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277147CAT IIThe macOS system must require that passwords contain a minimum of one special character.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277155CAT IIThe macOS system must require that passwords contain a minimum of one lowercase character and one uppercase character.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-277156CAT IIThe macOS system must set minimum password lifetime to 24 hours.Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-276380CAT IIApple visionOS 2 must be configured to enforce a minimum password length of six characters.Apple visionOS 2 Security Technical Implementation Guide V-276381CAT IIApple visionOS 2 must be configured to not allow passwords that include more than four repeating or sequential characters.Apple visionOS 2 Security Technical Implementation Guide V-282789CAT IIApple visionOS 26 must be configured to enforce a minimum password length of six characters.Apple visionOS 26 Security Technical Implementation Guide V-282790CAT IIApple visionOS 26 must be configured to not allow passwords that include more than four repeating or sequential characters.Apple visionOS 26 Security Technical Implementation Guide V-222536CAT IThe application must enforce a minimum 15-character password length.Application Security and Development Security Technical Implementation Guide V-222537CAT IIThe application must enforce password complexity by requiring that at least one uppercase character be used.Application Security and Development Security Technical Implementation Guide V-222538CAT IIThe application must enforce password complexity by requiring that at least one lowercase character be used.Application Security and Development Security Technical Implementation Guide V-222539CAT IIThe application must enforce password complexity by requiring that at least one numeric character be used.Application Security and Development Security Technical Implementation Guide V-222540CAT IIThe application must enforce password complexity by requiring that at least one special character be used.Application Security and Development Security Technical Implementation Guide V-222541CAT IIThe application must require the change of at least eight of the total number of characters when passwords are changed.Application Security and Development Security Technical Implementation Guide V-222544CAT IIThe application must enforce 24 hours/1 day as the minimum password lifetime.Application Security and Development Security Technical Implementation Guide V-222545CAT IIThe application must enforce a 60-day maximum password lifetime restriction.Application Security and Development Security Technical Implementation Guide V-272627CAT IIICylanceON-PREM must be configured to use a third-party identity provider.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-255954CAT IIThe Arista network device must enforce a minimum 15-character password length.Arista MLS EOS 4.X NDM Security Technical Implementation Guide V-276012CAT IAx-OS must have no local accounts for the user interface.Axonius Federal Systems Ax-OS Security Technical Implementation Guide V-238202CAT IIIThe Ubuntu operating system must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238203CAT IIIThe Ubuntu operating system must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238221CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one upper-case character be used.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238222CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238223CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238224CAT IIIThe Ubuntu operating system must require the change of at least 8 characters when passwords are changed.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238225CAT IIThe Ubuntu operating system must enforce a minimum 15-character password length.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-238226CAT IIIThe Ubuntu operating system must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260545CAT IIUbuntu 22.04 LTS must enforce 24 hours/one day as the minimum password lifetime. Passwords for new users must have a 24 hours/one day minimum password lifetime restriction.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260546CAT IIUbuntu 22.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260560CAT IIUbuntu 22.04 LTS must enforce password complexity by requiring at least one uppercase character be used.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260561CAT IIUbuntu 22.04 LTS must enforce password complexity by requiring at least one lowercase character be used.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260562CAT IIUbuntu 22.04 LTS must enforce password complexity by requiring that at least one numeric character be used.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260563CAT IIUbuntu 22.04 LTS must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260565CAT IIUbuntu 22.04 LTS must enforce a minimum 15-character password length.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-260566CAT IIUbuntu 22.04 LTS must require the change of at least eight characters when passwords are changed.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270726CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one uppercase character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270727CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one lowercase character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270728CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one numeric character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270729CAT IIUbuntu 24.04 LTS must require the change of at least eight characters when passwords are changed.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270730CAT IIUbuntu 24.04 LTS must enforce 24 hours/1 day as the minimum password lifetime. Passwords for new users must have a 24 hours/1 day minimum password lifetime restriction.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270731CAT IIUbuntu 24.04 LTS must enforce a 60-day maximum password lifetime restriction. Passwords for new users must have a 60-day maximum password lifetime restriction.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270732CAT IIUbuntu 24.04 LTS must enforce a minimum 15-character password length.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-270733CAT IIUbuntu 24.04 LTS must enforce password complexity by requiring that at least one special character be used.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-206467CAT IIThe Central Log Server must be configured to enforce a minimum 15-character password length.Central Log Server Security Requirements Guide V-206469CAT IIIThe Central Log Server must be configured to enforce password complexity by requiring that at least one uppercase character be used.Central Log Server Security Requirements Guide V-206470CAT IIIThe Central Log Server must be configured to enforce password complexity by requiring that at least one lowercase character be used.Central Log Server Security Requirements Guide V-206471CAT IIIThe Central Log Server must be configured to enforce password complexity by requiring that at least one numeric character be used.Central Log Server Security Requirements Guide V-206472CAT IIIThe Central Log Server must be configured to enforce password complexity by requiring that at least one special character be used.Central Log Server Security Requirements Guide V-206473CAT IIIThe Central Log Server must be configured to require the change of at least eight of the total number of characters when passwords are changed.Central Log Server Security Requirements Guide V-206476CAT IIIThe Central Log Server must be configured to enforce 24 hours/1 day as the minimum password lifetime.Central Log Server Security Requirements Guide V-206477CAT IIIThe Central Log Server must be configured to enforce a 60-day maximum password lifetime restriction.Central Log Server Security Requirements Guide V-271958CAT IIThe Cisco ACI must be configured to allow user selection of long passwords and passphrases, including spaces and all printable characters, for password-based authentication.Cisco ACI NDM Security Technical Implementation Guide V-271960CAT IIThe Cisco ACI must enforce a minimum 15-character password length.Cisco ACI NDM Security Technical Implementation Guide V-239914CAT IIThe Cisco ASA must be configured to enforce a minimum 15-character password length.Cisco ASA NDM Security Technical Implementation Guide V-239915CAT IIThe Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco ASA NDM Security Technical Implementation Guide V-239916CAT IIThe Cisco ASA must be configured to enforce password complexity by requiring that at least one lowercase character be used.Cisco ASA NDM Security Technical Implementation Guide V-239917CAT IIThe Cisco ASA must be configured to enforce password complexity by requiring that at least one numeric character be used.Cisco ASA NDM Security Technical Implementation Guide V-239918CAT IIThe Cisco ASA must be configured to enforce password complexity by requiring that at least one special character be used.Cisco ASA NDM Security Technical Implementation Guide V-239919CAT IIThe Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.Cisco ASA NDM Security Technical Implementation Guide V-215681CAT IIThe Cisco router must be configured to enforce a minimum 15-character password length.Cisco IOS Router NDM Security Technical Implementation Guide V-215682CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco IOS Router NDM Security Technical Implementation Guide V-215683CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one lowercase character be used.Cisco IOS Router NDM Security Technical Implementation Guide V-215684CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.Cisco IOS Router NDM Security Technical Implementation Guide V-215685CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.Cisco IOS Router NDM Security Technical Implementation Guide V-215686CAT IIThe Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.Cisco IOS Router NDM Security Technical Implementation Guide V-220589CAT IIThe Cisco switch must be configured to enforce a minimum 15-character password length.Cisco IOS Switch NDM Security Technical Implementation Guide V-220590CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco IOS Switch NDM Security Technical Implementation Guide V-220591CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one lowercase character be used.Cisco IOS Switch NDM Security Technical Implementation Guide V-220592CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used.Cisco IOS Switch NDM Security Technical Implementation Guide V-220593CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.Cisco IOS Switch NDM Security Technical Implementation Guide V-220594CAT IIThe Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.Cisco IOS Switch NDM Security Technical Implementation Guide V-215826CAT IIThe Cisco router must be configured to enforce a minimum 15-character password length.Cisco IOS XE Router NDM Security Technical Implementation Guide V-215827CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco IOS XE Router NDM Security Technical Implementation Guide V-215828CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one lowercase character be used.Cisco IOS XE Router NDM Security Technical Implementation Guide V-215829CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used.Cisco IOS XE Router NDM Security Technical Implementation Guide V-215830CAT IIThe Cisco router must be configured to enforce password complexity by requiring that at least one special character be used.Cisco IOS XE Router NDM Security Technical Implementation Guide V-215831CAT IIThe Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.Cisco IOS XE Router NDM Security Technical Implementation Guide V-220537CAT IIThe Cisco switch must be configured to enforce a minimum 15-character password length.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220538CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220539CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one lowercase character be used.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220540CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220541CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-220542CAT IIThe Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.Cisco IOS XE Switch NDM Security Technical Implementation Guide V-242645CAT IIFor accounts using password authentication, the Cisco ISE must enforce a minimum 15-character password length.Cisco ISE NDM Security Technical Implementation Guide V-242646CAT IIFor accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one uppercase character be used.Cisco ISE NDM Security Technical Implementation Guide V-242647CAT IIFor accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one lowercase character be used.Cisco ISE NDM Security Technical Implementation Guide V-242648CAT IIFor accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one digit be used.Cisco ISE NDM Security Technical Implementation Guide V-242649CAT IIFor accounts using password authentication, the Cisco ISE must enforce password complexity by requiring that at least one special character be used.Cisco ISE NDM Security Technical Implementation Guide V-220489CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used.Cisco NX OS Switch NDM Security Technical Implementation Guide V-220490CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one lower-case character be used.Cisco NX OS Switch NDM Security Technical Implementation Guide V-220491CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used.Cisco NX OS Switch NDM Security Technical Implementation Guide V-220492CAT IIThe Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used.Cisco NX OS Switch NDM Security Technical Implementation Guide V-269385CAT IIAlmaLinux OS 9 must enforce password complexity by requiring that at least one lowercase character be used.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269386CAT IIAlmaLinux OS 9 must ensure the password complexity module is enabled in the password-auth file.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269387CAT IIAlmaLinux OS 9 must ensure the password complexity module in the system-auth file is configured for three retries or less.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269388CAT IIAlmaLinux OS 9 must enforce password complexity rules for the root account.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269389CAT IIAlmaLinux OS 9 must enforce password complexity by requiring that at least one uppercase character be used.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269390CAT IIAlmaLinux OS 9 must enforce password complexity by requiring that at least one special character be used.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269392CAT IIAlmaLinux OS 9 passwords must be created with a minimum of 15 characters.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269393CAT IIAlmaLinux OS 9 must enforce password complexity by requiring that at least one numeric character be used.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269394CAT IIAlmaLinux OS 9 must require the change of at least four character classes when passwords are changed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269395CAT IIAlmaLinux OS 9 must require the maximum number of repeating characters be limited to three when passwords are changed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269396CAT IIAlmaLinux OS 9 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-269397CAT IIAlmaLinux OS 9 must require the change of at least eight characters when passwords are changed.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233088CAT IIThe container platform must enforce a minimum 15-character password length.Container Platform Security Requirements Guide V-233090CAT IIThe container platform must enforce password complexity by requiring that at least one uppercase character be used.Container Platform Security Requirements Guide V-233091CAT IIThe container platform must enforce password complexity by requiring that at least one lowercase character be used.Container Platform Security Requirements Guide V-233092CAT IIThe container platform must enforce password complexity by requiring that at least one numeric character be used.Container Platform Security Requirements Guide V-233093CAT IIThe container platform must enforce password complexity by requiring that at least one special character be used.Container Platform Security Requirements Guide V-233094CAT IIThe container platform must require the change of at least eight of the total number of characters when passwords are changed.Container Platform Security Requirements Guide V-233097CAT IIThe container platform must enforce 24 hours (one day) as the minimum password lifetime.Container Platform Security Requirements Guide V-233098CAT IIThe container platform must enforce a 60-day maximum password lifetime restriction.Container Platform Security Requirements Guide V-206555CAT IIf DBMS authentication, using passwords, is employed, the DBMS must enforce the DOD standards for password complexity and lifetime.Database Security Requirements Guide V-269781CAT IIThe Dell OS10 Switch must enforce a minimum 15-character password length.Dell OS10 Switch NDM Security Technical Implementation Guide V-269782CAT IIThe Dell OS10 Switch must enforce password complexity by requiring that at least one uppercase character be used.Dell OS10 Switch NDM Security Technical Implementation Guide V-269783CAT IIThe Dell OS10 Switch must enforce password complexity by requiring that at least one lowercase character be used.Dell OS10 Switch NDM Security Technical Implementation Guide V-269784CAT IIThe Dell OS10 Switch must enforce password complexity by requiring that at least one numeric character be used.Dell OS10 Switch NDM Security Technical Implementation Guide V-269785CAT IIThe Dell OS10 Switch must enforce password complexity by requiring that at least one special character be used.Dell OS10 Switch NDM Security Technical Implementation Guide V-263640CAT IIThe DNS server implementation must, for password-based authentication, enforce organization-defined composition and complexity rules.Domain Name System (DNS) Security Requirements Guide V-259246CAT IIf DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DOD standards for password complexity and lifetime.EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide V-278408CAT IIThe NGINX service account must be configured to lock changes to the password.F5 NGINX Security Technical Implementation Guide V-230963CAT IIForescout must enforce password complexity by requiring that at least one uppercase character be used.Forescout Network Device Management Security Technical Implementation Guide V-230964CAT IIForescout must enforce password complexity by requiring that at least one lowercase character be used.Forescout Network Device Management Security Technical Implementation Guide V-230965CAT IIForescout must enforce a minimum 15-character password length.Forescout Network Device Management Security Technical Implementation Guide V-230966CAT IIForescout must enforce password complexity by requiring that at least one numeric character be used.Forescout Network Device Management Security Technical Implementation Guide V-230967CAT IIForescout must enforce password complexity by requiring that at least one special character be used.Forescout Network Device Management Security Technical Implementation Guide V-230968CAT IIIForescout must require that when a password is changed, the characters are changed in at least eight of the positions within the password.Forescout Network Device Management Security Technical Implementation Guide V-203625CAT IIThe operating system must enforce password complexity by requiring that at least one uppercase character be used.General Purpose Operating System Security Requirements Guide V-203626CAT IIThe operating system must enforce password complexity by requiring that at least one lowercase character be used.General Purpose Operating System Security Requirements Guide V-203627CAT IIThe operating system must enforce password complexity by requiring that at least one numeric character be used.General Purpose Operating System Security Requirements Guide V-203628CAT IIThe operating system must require the change of at least 50 percent of the total number of characters when passwords are changed.General Purpose Operating System Security Requirements Guide V-203631CAT IIOperating systems must enforce 24 hours/1 day as the minimum password lifetime.General Purpose Operating System Security Requirements Guide V-203632CAT IIOperating systems must enforce a 60-day maximum password lifetime restriction.General Purpose Operating System Security Requirements Guide V-203634CAT IIThe operating system must enforce a minimum 15-character password length.General Purpose Operating System Security Requirements Guide V-203676CAT IIThe operating system must enforce password complexity by requiring that at least one special character be used.General Purpose Operating System Security Requirements Guide V-258378CAT IIGoogle Android 14 must be configured to enforce a minimum password length of six characters.Google Android 14 COBO Security Technical Implementation Guide V-258379CAT IIGoogle Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters.Google Android 14 COBO Security Technical Implementation Guide V-258409CAT IIGoogle Android 14 must be configured to enforce a minimum password length of six characters.Google Android 14 COPE Security Technical Implementation Guide V-258410CAT IIGoogle Android 14 must be configured to not allow passwords that include more than four repeating or sequential characters.Google Android 14 COPE Security Technical Implementation Guide V-267431CAT IIGoogle Android 15 must be configured to enforce a minimum password length of six characters.Google Android 15 COBO Security Technical Implementation Guide V-267432CAT IIGoogle Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters.Google Android 15 COBO Security Technical Implementation Guide V-267526CAT IIGoogle Android 15 must be configured to enforce a minimum password length of six characters.Google Android 15 COPE Security Technical Implementation Guide V-267527CAT IIGoogle Android 15 must be configured to not allow passwords that include more than four repeating or sequential characters.Google Android 15 COPE Security Technical Implementation Guide V-276749CAT IIGoogle Android 16 must be configured to enforce a minimum password length of six characters.Google Android 16 COBO Security Technical Implementation Guide V-276750CAT IIGoogle Android 16 must be configured to not allow passwords that include more than four repeating or sequential characters.Google Android 16 COBO Security Technical Implementation Guide V-276851CAT IIGoogle Android 16 must be configured to enforce a minimum password length of six characters.Google Android 16 COPE Security Technical Implementation Guide V-276852CAT IIGoogle Android 16 must be configured to not allow passwords that include more than four repeating or sequential characters.Google Android 16 COPE Security Technical Implementation Guide V-255241CAT IISSMC must enforce a minimum 15-character password length.HPE 3PAR SSMC Operating System Security Technical Implementation Guide V-255280CAT IIThe HPE 3PAR OS must be configured to enforce a minimum 15-character password length.HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide V-283381CAT IIThe HPE Alletra Storage ArcusOS device must enforce a minimum 15-character password length.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-283382CAT IIThe HPE Alletra Storage ArcusOS device must enforce password complexity by requiring at least one uppercase character, one lowercase character, one numeric character, and one special character be used.HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide V-252190CAT IIThe HPE Nimble must enforce a minimum 15-character password length.HPE Nimble Storage Array NDM Security Technical Implementation Guide V-252191CAT IIThe HPE Nimble must enforce password complexity by requiring that at least one uppercase character be used.HPE Nimble Storage Array NDM Security Technical Implementation Guide