800-53|IA-5(1)(b)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces at least the following number of changed characters when new passwords are created: [Assignment: organization-defined number];

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 - /etc/security/user - 'mindiff >= 4'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.7 - /etc/security/user - 'maxrepeats <= 2'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.3.11 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.11 Ensure 'New Password Differs by Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
5.3.5 Ensure minimum and maximum requirements are set for password changes - difok	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
5.3.5 Ensure minimum and maximum requirements are set for password changes - minclass	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
5.4.1 Ensure password creation requirements are configured - 'dcredit'	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'dcredit'	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'lcredit'	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'lcredit'	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'ocredit'	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'ocredit'	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'ucredit'	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.4.1 Ensure password creation requirements are configured - 'ucredit'	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.4.7 Ensure minimum and maximum requirements are set for password changes - difok	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - minclass	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
7.2 Set Strong Password Creation Policies - MINDIFF = 3	Unix	CIS Solaris 11.2 L1 v1.1.0
7.2 Set Strong Password Creation Policies - MINDIFF = 3	Unix	CIS Solaris 11.1 L1 v1.0.0
7.2 Set Strong Password Creation Policies - MINDIFF = 3	Unix	CIS Solaris 11 L1 v1.1.0
7.3 Set Strong Password Creation Policies - Check MINDIFF is set to 3	Unix	CIS Solaris 10 L1 v5.2
AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed.	Unix	DISA STIG AIX 7.x v2r9
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Brocade - repeat characters must be set to 1	Brocade	Tenable Best Practices Brocade FabricOS
Brocade - sequential characters must be set to 2	Brocade	Tenable Best Practices Brocade FabricOS
CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco ASA NDM v1r6
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-171
CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco IOS Router NDM v2r8
CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco IOS XE Router NDM v2r9
CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco IOS Switch NDM v2r8
CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco IOS XE Switch NDM v2r8
ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy.	VMware	DISA STIG VMware vSphere 7.0 ESXi v1r2
Extreme : Password Policy - char-validation	Extreme_ExtremeXOS	TNS Extreme ExtremeXOS Best Practice Audit
F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.	F5	DISA F5 BIG-IP Device Management STIG v2r3
FGFW-ND-000311 - The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.	FortiGate	DISA Fortigate Firewall NDM STIG v1r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG Solaris 10 SPARC v2r4

Detections

Analytics

800-53|IA-5(1)(b)

Title

Description

Reference Item Details

Audit Items