Detections
Analytics

1.130 APPL-14-003070

Information

The macOS system must set minimum password lifetime to 24 hours.

GROUP ID: V-259551RULE ID: SV-259551r1038913

The macOS must be configured to enforce a minimum password lifetime limit of 24 hours.

This rule discourages users from cycling through their previous passwords to get back to a preferred one.

Note: The guidance for password-based authentication in NIST 800-53 (Rev 5) and NIST 800-63B state that complexity rules should be organizationally defined. The values defined are based on common complexity values, but an organization may define its own password complexity rules.

Solution

Configure the macOS system to set minimum password lifetime to 24 hours.

This setting may be enforced using local policy or by a directory service.

To set local policy to require a minimum password lifetime, edit the current password policy to contain the following within the "policyCategoryPasswordContent":

[source,xml]

[source,bash]

/usr/bin/pwpolicy setaccountpolicies $pwpolicy_file

See Also

https://workbench.cisecurity.org/benchmarks/24070

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CAT|II, CCI|CCI-000198, CCI|CCI-004066, Rule-ID|SV-259551r1038913_rule, STIG-ID|APPL-14-003070, Vuln-ID|V-259551

Plugin: Unix

Control ID: 97357660ceb00943fbf65d600c0cb3e1180d2c5d7dd3f603d776f800fc9cb66b