800-53|IA-5(1)(a)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces minimum password complexity of [Assignment: organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers, and special characters, including minimum requirements for each type];

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure Minimum Password Length is set to 14 or higherCheckPointCIS Check Point Firewall L1 v1.1.0
1.1.1.4 Set 'Minimum password length' to '14 or more character(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.6 Set 'Password must meet complexity requirements' to 'Enabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.4 - /etc/security/user - 'minlen = 8'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.4 Ensure 'Minimum password length' is set to '14 or more character(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.5 - /etc/security/user - 'minalpha >= 2'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.5 Ensure 'Password must meet complexity requirements' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.5 Ensure 'Password must meet complexity requirements' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.6 - /etc/security/user - 'minother >= 2'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2 Ensure Disallow Palindromes is selectedCheckPointCIS Check Point Firewall L1 v1.1.0
1.2 Password Security Policy - a) The default password length shouldn't be below 8 charactersZTE_ROSNGTenable ZTE ROSNG
1.2 Password Security Policy - b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4ZTE_ROSNGTenable ZTE ROSNG
1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutiveZTE_ROSNGTenable ZTE ROSNG
1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - strong-password dictionaryZTE_ROSNGTenable ZTE ROSNG
1.2 Password Security Policy - e) Check for strong-password max-lengthZTE_ROSNGTenable ZTE ROSNG
1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverseZTE_ROSNGTenable ZTE ROSNG
1.3 Ensure Password Complexity is set to 3CheckPointCIS Check Point Firewall L1 v1.1.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.5 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.5 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.10 Ensure 'Block Username Inclusion' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.10 Ensure 'Block Username Inclusion' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
2.4 Password Security - 'security.passwd.rules.everyone = on'NetAppTNS NetApp Data ONTAP 7G
2.4 Password Security - 'security.passwd.rules.maximum >= 14'NetAppTNS NetApp Data ONTAP 7G
2.4 Password Security - 'security.passwd.rules.minimum >= 8'NetAppTNS NetApp Data ONTAP 7G
2.4 Password Security - 'security.passwd.rules.minimum.alphabetic = 2'NetAppTNS NetApp Data ONTAP 7G
2.4 Password Security - 'security.passwd.rules.minimum.digit = 1'NetAppTNS NetApp Data ONTAP 7G
2.4 Password Security - 'security.passwd.rules.minimum.symbol = 1'NetAppTNS NetApp Data ONTAP 7G
2.6 Set 'Allow simple passwords' to 'False'WindowsCIS Microsoft Exchange Server 2016 CAS v1.0.0
2.12.15 - Miscellaneous Config - 'all unlocked accounts must have a password'UnixCIS AIX 5.3/6.1 L1 v1.1.0
2.18 Set 'Require alphanumeric password' to 'True'WindowsCIS Microsoft Exchange Server 2013 CAS v1.1.0
2.18 Set 'Require alphanumeric password' to 'True'WindowsCIS Microsoft Exchange Server 2016 CAS v1.0.0
13.1 Ensure Password Fields are Not EmptyUnixCIS Debian Linux 7 L1 v1.0.0
13.1 Ensure Password Fields are Not EmptyUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'WindowsCIS Windows 7 Workstation Level 1 v3.2.0