1.3.5 Ensure 'Password Profiles' do not exist

Information

Password profiles that are weaker than the recommended minimum password complexity settings must not exist.
Rationale:
As password profiles override any 'Minimum Password Complexity' settings defined in the device, they generally should not exist. If these password profiles do exist, they should enforce stronger password policies than what is set in the 'Minimum Password Complexity' settings.

Solution

Navigate to Device > Password Profiles.
Ensure Password Profiles weaker than the recommended minimum password complexity settings do not exist.
or
Execute the following CLI command:
[email protected]#set mgt-config password-profile <none>
Default Value:
Not configured

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CSCv6|5

Plugin: Palo_Alto

Control ID: f8104b6bad2d1253e8e7f0b88b4266e5927f3cccf92317ffc798fbbf907837ea