
V-274161

CAT II (Medium)

Amazon Linux 2023 must ensure the password complexity module is enabled in the password-auth file.

Rule ID

SV-274161r1120471_rule

STIG

Amazon Linux 2023 Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-004066, CCI-000192, CCI-000193

Discussion

Enabling PAM password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks.

Check Content

Verify Amazon Linux 2023 uses "pwquality" to enforce the password complexity rules in the password-auth file with the following command:

$ grep pam_pwquality /etc/pam.d/password-auth
password required pam_pwquality.so 

If the command does not return a line containing the value "pam_pwquality.so", or the line is commented out, this is a finding.

If the system administrator can demonstrate that the required configuration is contained in a PAM configuration file included or substacked from the system-auth file, this is not a finding.
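The grep above also prints commented-out lines, so its output still has to be read by eye. The following shell function is an added example, not part of the STIG text: it applies the check's criterion (an uncommented password-stack line that loads pam_pwquality.so) and follows "password include" and "password substack" lines. The names pwquality_active and demo and the sample files are constructed for illustration, and relative include names are assumed to resolve against the PAM directory passed as the second argument.

```shell
#!/bin/sh
# Added example, not STIG text. Usage: pwquality_active FILE [PAM_DIR]
# Exit 0: FILE, or a file it pulls in through "password include|substack",
#         has an uncommented password-stack line loading pam_pwquality.so.
# Exit 1: no such line (commented-out lines do not count) -> finding.
pwquality_active() {
    awk -v dir="${2:-/etc/pam.d}" '
    function scan(path, depth,    line, f, n, i, mod, hit) {
        if (depth > 4 || (path in seen)) return 0    # stop include loops
        seen[path] = 1
        hit = 0
        while ((getline line < path) > 0) {
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) continue  # blank or commented out
            n = split(line, f, /[ \t]+/)
            sub(/^-/, "", f[1])                      # "-password" is the same stack
            if (f[1] != "password") continue
            i = 2                                    # control may be "[a=b c=d]"
            if (f[2] ~ /^\[/) while (i < n && f[i] !~ /\]$/) i++
            mod = f[i + 1]
            if (mod ~ /(^|\/)pam_pwquality\.so$/) hit = 1
            else if (f[2] == "include" || f[2] == "substack")
                if (scan((mod ~ /^\// ? mod : dir "/" mod), depth + 1)) hit = 1
        }
        close(path)
        return hit
    }
    BEGIN { exit scan(ARGV[1], 0) ? 0 : 1 }
    ' "$1"
}

# Constructed sample files (not taken from a real host), one per case.
demo() {
    d=$(mktemp -d) || return 2
    printf 'password required pam_pwquality.so\n'  > "$d/ok"
    printf '#password required pam_pwquality.so\n' > "$d/commented"
    printf 'password substack extra\n'             > "$d/parent"
    printf 'password required pam_pwquality.so\n'  > "$d/extra"
    for f in ok commented parent; do
        if pwquality_active "$d/$f" "$d"; then echo "$f: not a finding"
        else echo "$f: finding"; fi
    done
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a live system the call would be pwquality_active /etc/pam.d/password-auth; a non-zero exit status corresponds to the finding described above.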

Fix Text

Configure Amazon Linux 2023 to use "pwquality" to enforce password complexity rules.

Add the following line to the "/etc/pam.d/password-auth" file (or modify the line to have the required value):

password required pam_pwquality.so