Rule ID
SV-270955r1155105_rule
Version
V1R6
CCIs
CCI-000205, CCI-000192, CCI-000193, CCI-000194, CCI-001619, CCI-000199
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password. Satisfies: SRG-APP-000164, SRG-APP-000166, SRG-APP-000167, SRG-APP-000168, SRG-APP-000169, SRG-APP-000174
Check password configurations. In the UI, navigate to Admin >> SiteStore Management >> Authentication Providers. Click "EDIT" in the Local Authentication section. Verify the following settings: 1. Password Expiration is set to "2 months" or less. 2. Password Reuse Limit is set to "5" or less. 3. Minimum Length is set to "15" or greater. 4. Uppercase and lowercase letters is checked. 5. Special characters is checked. 6. Numeric characters is checked. 7. Number of failed logins is set to "5", within is set to "15 minutes", results in is set to "60 minute lockout". If any settings are not configured correctly, this is a finding.
Change password configurations. In the UI, navigate to Admin >> SiteStore Management >> Authentication Providers. Click "EDIT" in the Local Authentication section. Change the fields to the following settings: Password Expiration = "2 months" or less Password Reuse Limit = "5" or less Minimum Length = "15" or greater Uppercase and lowercase letters = Checked Special characters = Checked Numeric characters = Checked Number of failed logins = 5 Within = 15 minutes Results in = 60 minute lockout Click "SAVE". For DragOS CLI: Passwords must meet a minimum requirement of 15 characters. Maximum password age is 1 year by default, and is configurable via the CLI.