PHTN-30-000029 - The Photon operating system must prohibit password reuse for a minimum of five generations.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the result is a password that is not changed per policy requirements.


Navigate to and open:


Add the following line after the 'password requisite' statement:

password requisite enforce_for_root use_authtok remember=5 retry=3

Note: On vCenter appliances, the equivalent file must be edited under '/etc/applmgmt/appliance', if one exists, for the changes to persist after a reboot.

See Also

Item Details

References: CAT|II, CCI|CCI-000200, Rule-ID|SV-256506r887192_rule, STIG-ID|PHTN-30-000029, Vuln-ID|V-256506

Plugin: Unix

Control ID: 412963a21772b9c30a5f66f273d052ee89aac809b66471ea32c667b890eea64d