800-53|IA-5(1)(d)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.8 Set 'Minimum password age' to '1 or more day(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.9 Set 'Maximum password age' to '60 or fewer days'WindowsCIS Windows 8 L1 v1.0.0
1.1.2 - /etc/security/user - 'minage >= 1'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 - /etc/security/user - 'maxage <= 13' but not 0UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.3.5.4 Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.10 - /etc/security/user - 'maxexpired <= 2'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - f) The validity period of an account can be configuredZTE_ROSNGTenable ZTE ROSNG
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMAirWatch - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMMobileIron - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMAirWatch - CIS Google Android 7 v1.0.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMMobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to 'Enabled'MDMAirWatch - CIS Google Android v1.3.0 L1
1.5 Ensure 'Power button instantly locks' is set to 'Enabled'MDMMobileIron - CIS Google Android v1.3.0 L1
1.5 Ensure 'Power button instantly locks' is set to EnabledMDMAirWatch - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to EnabledMDMMobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure Password Expiration is set to 90 daysCheckPointCIS Check Point Firewall L1 v1.1.0
1.8 Set a system-wide password expirationSybaseDBCIS Sybase 15.0 L2 DB v1.1.0
2.1.7 - AirWatch - Set the 'number of days' for 'maximum password age'MDMAirWatch - CIS Google Android 4 v1.0.0 L2
2.1.7 - MobileIron - Set the 'number of days' for 'maximum password age'MDMMobileIron - CIS Google Android 4 v1.0.0 L2
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 MS L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 DC L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
10.1.1 Set Password Expiration DaysUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.1 Set Password Expiration DaysUnixCIS Debian Linux 7 L1 v1.0.0
10.1.2 Set Password Change Minimum Number of DaysUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.2 Set Password Change Minimum Number of DaysUnixCIS Debian Linux 7 L1 v1.0.0
10.1.3 Set Password Expiring Warning DaysUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.3 Set Password Expiring Warning DaysUnixCIS Debian Linux 7 L1 v1.0.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'WindowsCIS Windows 7 Workstation Level 1 v3.2.0