IA-5 (1)
Identification and Authentication
Rev 3
Authenticator Management
CCI Identifiers (32)
CCI-000192
The information system enforces password complexity by the minimum number of upper case characters used.
CCI-000191
The organization enforces password complexity by the number of special characters used.
deprecated
CCI-000193
The information system enforces password complexity by the minimum number of lower case characters used.
CCI-000194
The information system enforces password complexity by the minimum number of numeric characters used.
CCI-000195
The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.
CCI-000196
The information system, for password-based authentication, stores only cryptographically-protected passwords.
CCI-000197
For password-based authentication, transmit passwords only over cryptographically-protected channels.
CCI-000198
The information system enforces minimum password lifetime restrictions.
CCI-000199
The information system enforces maximum password lifetime restrictions.
CCI-000200
The information system prohibits password reuse for the organization-defined number of generations.
CCI-000205
The information system enforces minimum password length.
CCI-001611
The organization defines the minimum number of special characters for password complexity enforcement.
CCI-001612
The organization defines the minimum number of upper case characters for password complexity enforcement.
CCI-001613
The organization defines the minimum number of lower case characters for password complexity enforcement.
CCI-001614
The organization defines the minimum number of numeric characters for password complexity enforcement.
CCI-001615
The organization defines the minimum number of characters that are changed when new passwords are created.
CCI-001616
The organization defines minimum password lifetime restrictions.
CCI-001617
The organization defines maximum password lifetime restrictions.
CCI-001618
The organization defines the number of generations for which password reuse is prohibited.
CCI-001619
The information system enforces password complexity by the minimum number of special characters used.
CCI-002041
The information system allows the use of a temporary password for system logons with an immediate change to a permanent password.
CCI-004057
Defines the frequency for updating commonly used, expected, or compromised passwords, when they are suspected of being compromised directly or indirectly.
CCI-004058
For password-based authentication, maintain a list of commonly used, expected, or compromised passwords on an organization-defined frequency.
CCI-004059
For password-based authentication, update the list of passwords on an organization-defined frequency.
CCI-004060
For password-based authentication, update the list of passwords when organizational passwords are suspected to have been compromised directly or indirectly.
CCI-004061
For password-based authentication, verify when users create or update passwords, that the passwords are not found on the list of commonly-used, expected, or compromised passwords in IA-5 (1) (a).
CCI-004062
For password-based authentication, store passwords using an approved salted key derivation function, preferably using a keyed hash.
CCI-004063
For password-based authentication, require immediate selection of a new password upon account recovery.
CCI-004064
For password-based authentication, allow user selection of long passwords and passphrases, including spaces and all printable characters.
CCI-004065
For password-based authentication, employ automated tools to assist the user in selecting strong password authenticators.
CCI-004066
For password-based authentication, enforce organization-defined composition and complexity rules.
CCI-004067
Defines the composition and complexity rules to be enforced.
Linked STIG Checks (200)
Across 43 STIGs.
A10 Networks ADC NDM Security Technical Implementation Guide: 1 check
AAA Services Security Requirements Guide: 16 checks
Adobe ColdFusion Security Technical Implementation Guide: 8 checks
Akamai KSD Service Impact Level 2 NDM Security Technical Implementation Guide: 7 checks
Amazon Linux 2023 Security Technical Implementation Guide: 15 checks
Anduril NixOS Security Technical Implementation Guide: 10 checks
Apache Server 2.4 UNIX Server Security Technical Implementation Guide: 1 check
Apache Server 2.4 UNIX Site Security Technical Implementation Guide: 1 check
Apache Server 2.4 Windows Server Security Technical Implementation Guide: 1 check
Apache Tomcat Application Server 9 Security Technical Implementation Guide: 1 check
Apple iOS-iPadOS 16 Security Technical Implementation Guide: 1 check
Apple iOS/iPadOS 15 Security Technical Implementation Guide: 1 check
Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide: 1 check
Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide: 3 checks
Apple iOS/iPadOS 17 Security Technical Implementation Guide: 2 checks
Apple iOS/iPadOS 18 Security Technical Implementation Guide: 3 checks
Apple iOS/iPadOS 26 Security Technical Implementation Guide: 3 checks
Apple macOS 12 (Monterey) Security Technical Implementation Guide: 6 checks
Apple macOS 13 (Ventura) Security Technical Implementation Guide: 6 checks
Apple macOS 14 (Sonoma) Security Technical Implementation Guide: 7 checks
Apple macOS 15 (Sequoia) Security Technical Implementation Guide: 7 checks
Apple macOS 26 (Tahoe) Security Technical Implementation Guide: 7 checks
Apple visionOS 2 Security Technical Implementation Guide: 3 checks
Apple visionOS 26 Security Technical Implementation Guide: 3 checks
Application Layer Gateway Security Requirements Guide: 1 check
Application Security and Development Security Technical Implementation Guide: 11 checks
Application Server Security Requirements Guide: 3 checks
ArcGIS for Server 10.3 Security Technical Implementation Guide: 2 checks
Arctic Wolf CylanceON-PREM Security Technical Implementation Guide: 2 checks
Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide: 1 check
Arista MLS EOS 4.2x NDM Security Technical Implementation Guide: 1 check
Arista MLS EOS 4.X NDM Security Technical Implementation Guide: 1 check
AvePoint Compliance Guardian Security Technical Implementation Guide: 1 check
Axonius Federal Systems Ax-OS Security Technical Implementation Guide: 1 check
BlackBerry PlayBook OS V2.1 Security Technical Implementation Guide: 7 checks
CA API Gateway ALG Security Technical Implementation Guide: 1 check
CA API Gateway NDM Security Technical Implementation Guide: 3 checks
CA IDMS Security Technical Implementation Guide: 2 checks
Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide: 12 checks
Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide: 10 checks
Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide: 10 checks
Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide: 11 checks
Central Log Server Security Requirements Guide: 6 checks