3.1.2.9 mindiff

Information

Defines the minimum number of characters required in a new password that were not in the old password.

Rationale:

The mindiff attribute ensures that users are not able to reuse the same or similar passwords.

Solution

In /etc/security/user, set the default user stanza mindiff attribute to be greater than or equal to 4:

chsec -f /etc/security/user -s default -a mindiff=4

This means that when a user's password is set, it must contain at least 4 characters that were not present in the previous password.

Default Value:

mindiff=0
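The chsec command above only changes the default stanza, so a per-user stanza can still carry a lower mindiff. The following audit check is an added example, not part of the benchmark text: it parses a file in the /etc/security/user stanza layout and flags any stanza whose mindiff is below the required minimum. The function names audit_mindiff and make_sample, the appsvc account and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mindiff in a file that uses the /etc/security/user stanza layout.
# Usage: audit_mindiff FILE [MIN]; prints PASS/FAIL per stanza, returns 1 on any FAIL.
audit_mindiff() {
    awk -v min="${2:-4}" '
        /^[ \t]*\*/ { next }                  # comment lines start with "*"
        /^[ \t]*$/  { next }                  # blank lines separate stanzas
        /^[^ \t=]+:[ \t]*$/ {                 # stanza header such as "default:"
            stanza = $1; sub(/:$/, "", stanza); next
        }
        {
            line = $0; gsub(/[ \t]/, "", line)
            if (split(line, kv, "=") == 2 && kv[1] == "mindiff")
                val[stanza] = kv[2] + 0       # non-numeric values count as 0
        }
        END {
            # The page gives mindiff=0 as the default when nothing is set.
            if (!("default" in val)) val["default"] = 0
            for (s in val) {
                ok = (val[s] >= min)
                printf "%s %s mindiff=%d\n", (ok ? "PASS" : "FAIL"), s, val[s]
                if (!ok) fail = 1
            }
            exit fail + 0
        }
    ' "$1"
}

# Constructed sample (not taken from a real host): a weak default and one
# per-user stanza that overrides the default with a value below 4.
make_sample() {
    cat > "$1" <<'EOF'
* constructed sample
default:
    mindiff = 0
    minlen = 8

root:
    mindiff = 4

appsvc:
    mindiff = 2
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_mindiff "$sample" 4 || echo "non-compliant: raise mindiff to 4 or more"
rm -f "$sample"
```

On an AIX host the same attribute can be read directly with lssec -f /etc/security/user -s default -a mindiff; the parser above is for reviewing a copy of the file offline.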

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: c5e55b1712346eb311719346df8847a7f6687a937f25f8d1e11d8387a76d71f4