3.1.2.11 minlen

Information

Defines the minimum length of a password.

Rationale:

In setting the minlen attribute, it ensures that passwords meet the required length criteria.

Solution

In /etc/security/user, set the default user stanza minlen attribute to be greater than or equal to 14:

chsec -f /etc/security/user -s default -a minlen=14

This means that all user passwords must be at least 14 characters in length.
NOTE: To support a password length greater than 8 characters the default algorithm must be changed. If the command above returns an error (3004-692 Error changing 'minlen' to '14' : Value is invalid.) the recommendation 3.1.15 /etc/security/login.cfg - pwd_algorithm needs to be completed first.

Default Value:

default minlen=0

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: 6123027898ef5355639b69acf8d7ced80f0acc1737058e669fe667a5ad94f915