800-53|IA-5(1)(d)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1.8 Set 'Minimum password age' to '1 or more day(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.1.9 Set 'Maximum password age' to '60 or fewer days'WindowsCIS Windows 8 L1 v1.0.0
1.1.2 - /etc/security/user - 'minage >= 1'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 - /etc/security/user - 'maxage <= 13' but not 0UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3.5.4 Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.10 - /etc/security/user - 'maxexpired <= 2'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - f) The validity period of an account can be configuredZTE_ROSNGTenable ZTE ROSNG
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMMobileIron - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMAirWatch - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMAirWatch - CIS Google Android 7 v1.0.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'MDMMobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to 'Enabled'MDMMobileIron - CIS Google Android v1.3.0 L1
1.5 Ensure 'Power button instantly locks' is set to 'Enabled'MDMAirWatch - CIS Google Android v1.3.0 L1
1.5 Ensure 'Power button instantly locks' is set to EnabledMDMAirWatch - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to EnabledMDMMobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure Password Expiration is set to 90 daysCheckPointCIS Check Point Firewall L1 v1.1.0
1.8 Set a system-wide password expirationSybaseDBCIS Sybase 15.0 L2 DB v1.1.0
2.1.7 - AirWatch - Set the 'number of days' for 'maximum password age'MDMAirWatch - CIS Google Android 4 v1.0.0 L2
2.1.7 - MobileIron - Set the 'number of days' for 'maximum password age'MDMMobileIron - CIS Google Android 4 v1.0.0 L2
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 DC L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows Server 2012 MS L1 v3.0.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.3.6.5 Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
10.1.1 Set Password Expiration DaysUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.1 Set Password Expiration DaysUnixCIS Debian Linux 7 L1 v1.0.0
10.1.2 Set Password Change Minimum Number of DaysUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.2 Set Password Change Minimum Number of DaysUnixCIS Debian Linux 7 L1 v1.0.0
10.1.3 Set Password Expiring Warning DaysUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.3 Set Password Expiring Warning DaysUnixCIS Debian Linux 7 L1 v1.0.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0