1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable


Strong passwords are supported to prevent passwords from being cracked. When a password is set, password complexity is detected by default. If a password does not meet the policy, a warning is required. A strong password mode should be provided. The password verification mechanism is as follows:

a) The default password length shouldn't be below 8 characters.
b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4
c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password
d) Check either of the following words exist in configuration file:
- Encrypt none
- Authentication null
- Encrypted null
- Encryption null
- Security-protocol noauth
- Encrypted noauth
e) If 'strong-password max-length' not displayed in configuration, then pass this check.
If 'strong-password max-length' displayed in configuration, but max-length value below 10, or not both configuration 'username-related-chk inverse' and 'strong-password date-check enable' commands, then fail this check.
f) The validity period of an account can be configured.


It is recommended to set the password to irrelevant to the username and date.

ZXR10# configure terminal
ZXR10 (config)# system-user
ZXR10 (config-system-user)# strong-password date-check enable

See Also


Item Details

Audit Name: Tenable ZTE ROSNG


References: 800-53|IA-5(1)(e)


Control ID: 345daff751bbf2a95282d6d1dbe18a82a3a2265d6941ec0b300ba19a84de34ff