3.1.2.1 histexpire

Information

Defines the period of time in weeks that a user will not be able to reuse a password.

Rationale:

In setting the histexpire attribute, it ensures that a user cannot reuse a password within a set period of time.

Solution

In /etc/security/user, set the default user stanza histexpire attribute to be greater than or equal to 26:

chsec -f /etc/security/user -s default -a histexpire=26

This means that a user will not be able to reuse any password set in the last 26 weeks.

Default Value:

Not set

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: b01a3e3a3852c1c2758f93ede7fc2f2f7ee301ec7db1ed3991fdc28308dfe639