1.3.2 Ensure 'Minimum Length' is greater than or equal to 12

Information

This setting determines the minimum number of characters that make up a password for a user account.

Rationale:
Types of password attacks include dictionary attacks (which attempt to use common words and phrases) and brute force attacks (which try every possible combination of characters). A longer minimum length increases the number of candidates such attacks must try.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity.
Set Minimum Length to a value greater than or equal to 12.
Or
execute the following CLI command:
username@hostname#set mgt-config password-complexity minimum-length <>
+ block-repeated-characters Block repeated characters count
+ block-username-inclusion Block inclusion of username and it's reverse
+ enabled Enable minimal password complexity enforcement
+ minimum-length Minimum password length
+ minimum-lowercase-letters Minimum lowercase letters in the password
+ minimum-numeric-letters Minimum numeric(0-9) letters in the password
+ minimum-special-characters Minimum special characters(non-alphanumeric) in the password
+ minimum-uppercase-letters Minimum uppercase letters in the password
+ new-password-differs-by-characters New Password must differ by the count chars
+ password-change-on-first-login Password must change on first time login
+ password-change-period-block Password change block period
+ password-history-count Save password history for password changes
> password-change password-change
<Enter> Finish input
# commit

Default Value:
Not enabled.
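
The check described above can also be run offline against an exported configuration file. The following is an added example, not part of the benchmark or of any vendor tooling. It assumes the export's XML layout mirrors the CLI path mgt-config password-complexity, treats a missing or disabled password-complexity block as a failure (matching the default of not enabled), and uses constructed sample configurations.

```python
import xml.etree.ElementTree as ET

REQUIRED_MIN_LENGTH = 12  # threshold from this benchmark item

# Constructed sample configs (not from a real device). The element layout
# mirrors the CLI path "mgt-config password-complexity" and is an assumption.
COMPLIANT = """<config><mgt-config><password-complexity>
  <enabled>yes</enabled><minimum-length>14</minimum-length>
</password-complexity></mgt-config></config>"""
TOO_SHORT = COMPLIANT.replace(">14<", ">8<")
DISABLED = COMPLIANT.replace(">yes<", ">no<")
DEFAULT = "<config><mgt-config/></config>"  # nothing configured


def check_minimum_length(config_xml, required=REQUIRED_MIN_LENGTH):
    """Return (passed, reason) for a configuration export given as a string."""
    root = ET.fromstring(config_xml)
    node = root.find("./mgt-config/password-complexity")
    if node is None:
        return False, "password-complexity not configured (default: not enabled)"
    # A length value has no effect unless enforcement is switched on.
    if (node.findtext("enabled") or "no").strip().lower() != "yes":
        return False, "password complexity enforcement is not enabled"
    raw = (node.findtext("minimum-length") or "").strip()
    if not raw.isdigit():
        return False, "minimum-length is not set"
    if int(raw) < required:
        return False, f"minimum-length is {raw}, expected >= {required}"
    return True, f"minimum-length is {raw}"


if __name__ == "__main__":
    for name, xml in [("compliant", COMPLIANT), ("too short", TOO_SHORT),
                      ("disabled", DISABLED), ("default", DEFAULT)]:
        passed, reason = check_minimum_length(xml)
        print(f"{name:10} {'PASS' if passed else 'FAIL'}  {reason}")
```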

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CSCv6|5.3, CSCv6|5.7, CSCv6|16.12

Plugin: Palo_Alto

Control ID: ab34452855a9d2cb092947986fb5027c3b27f2ac1a29d72f0d9249d41f4401f7