← Back to IBM Aspera Platform 4.2 Security Technical Implementation Guide

V-252583

CAT II (Medium)

IBM Aspera Faspex must require password complexity features to be enabled.

Rule ID

SV-252583r818123_rule

STIG

IBM Aspera Platform 4.2 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000192 CCI-000193 CCI-000194 CCI-001620

Discussion

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.

Check Content

If the IBM Aspera Faspex feature of the Aspera Platform is not installed, this is Not Applicable.

Verify IBM Aspera Faspex requires password complexity: 

- Log in to the IBM Aspera Faspex web page as a user with administrative privilege. 
- Select the "Server" tab.
- Select the "Configuration" tab.
- Select the "Security" section.
- Verify the "Faspex accounts" "Use strong passwords" option is checked.

If the "Use strong passwords" option is not checked, this is a finding.

If the "Use strong passwords" option is checked, downgrade this requirement to a CAT III.

Fix Text

Configure IBM Aspera Faspex to require password complexity: 

- Log in to the IBM Aspera Faspex web page as a user with administrative privilege. 
- Select the "Server" tab.
- Select the "Configuration" tab.
- Select the "Security" section.
- Put a check the "Faspex accounts" "Use strong passwords" check box.
- Select "Update" at the bottom of the page.