STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 10 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Solaris 11 X86 Security Technical Implementation Guide

V-216097

CAT II (Medium)

The system must not have accounts configured with blank or null passwords.

Rule ID

SV-216097r959010_rule

STIG

Solaris 11 X86 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-000366

Discussion

Complex passwords can reduce the likelihood of success of automated password-guessing attacks.

Check Content

The root role is required.

Determine if accounts with blank or null passwords exist.

# logins -po

If any account is listed, this is a finding.

Fix Text

The root role is required.

Remove, lock, or configure a password for any account with a blank password.

# passwd [username]
or
Use the passwd -l command to lock accounts that are not permitted to execute commands. 
or
Use the passwd -N command to set accounts to be non-login.