← Back to IBM Aspera Platform 4.2 Security Technical Implementation Guide

V-252601

CAT II (Medium)

IBM Aspera Shares must require password complexity features to be enabled.

Rule ID

SV-252601r817973_rule

STIG

IBM Aspera Platform 4.2 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000192 CCI-000193 CCI-000194

Discussion

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.

Check Content

If the IBM Aspera Shares feature of the Aspera Platform is not installed, this is Not Applicable.

Verify IBM Aspera Shares requires password complexity: 

- Log in to the IBM Aspera Shares web page as a user with administrative privilege. 
- Select the "Admin" tab.
- Scroll down to the "Security" section.
- Select the "User Security" option.
- Verify the "Require strong passwords" option is checked.

If the "Require strong passwords" option is not checked, this is a finding.

If the "Require strong passwords" option is checked, downgrade this requirement to a CAT III.

Fix Text

Configure IBM Aspera Shares to require password complexity: 

- Log in to the IBM Aspera Shares web page as a user with administrative privilege. 
- Select the "Admin" tab.
- Scroll down to the "Security" section.
- Select the "User Security" option.
- Put a check the "Require strong passwords" check box.
- Select "Save" at the bottom of the page.