1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Enforces the Enterprise Password Policy by setting compliant local password requirements for the security appliance

Rationale:

The password policy helps to prevent unauthorized accesses by enforcing the password for more complexity and making them difficult to be guessed. This applies to the local database.

Solution

* Step 1: Run the following to set the password lifetime in days to less than or equal to 180
HOSTNAME(CONFIG)#PASSWORD-POLICY LIFETIME 30

* Step 2: Run the following to set the minimum number of characters that must be changed between the old and the new passwords, to be to be greater than or equal to 14

HOSTNAME(CONFIG)#PASSWORD-POLICY MINIMUM-CHANGES _14_

* Step 3: Run the following to set the minimum number of upper case characters in the password, to be to be greater than or equal to 1

HOSTNAME(CONFIG)#PASSWORD-POLICY MINIMUM-UPPERCASE _1_

* Step 4: Run the following to set the minimum number of lower case characters in the password, to be to be greater than or equal to 1

HOSTNAME(CONFIG)#PASSWORD-POLICY MINIMUM-LOWERCASE _1_

* Step 5: Run the following to set the minimum number of numeric characters in the password, to be greater than or equal to 1

HOSTNAME(CONFIG)#PASSWORD-POLICY MINIMUM-NUMERIC _1_

* Step 6: Run the following to set the minimum number of special characters in the password, to be greater than or equal to 1

HOSTNAME(CONFIG)#PASSWORD-POLICY MINIMUM-SPECIAL _1_

* Step 7: Run the following to set the password minimum length, to be greater than or equal to 14

HOSTNAME(CONFIG)#PASSWORD-POLICY MINIMUM-LENGTH _14_

See Also

https://benchmarks.cisecurity.org/tools2/cisco/CIS_Cisco_Firewall_Benchmark_v4.0.0.pdf