800-53|IA-5(1)(e)

Title

PASSWORD-BASED AUTHENTICATION

Description

Prohibits password reuse for [Assignment: organization-defined number] generations; and

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.1.5 Set 'Enforce password history' to '24 or more password(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.8 - /etc/security/user - 'histexpire >= 13'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.9 - /etc/security/user - 'histsize >= 20'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enableZTE_ROSNGTenable ZTE ROSNG
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-checkingCheckPointCIS Check Point Firewall L1 v1.1.0
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-lengthCheckPointCIS Check Point Firewall L1 v1.1.0
2.4 Password Security - 'security.passwd.rules.history = 6'NetAppTNS NetApp Data ONTAP 7G
2.7 Set 'Enforce Password History' to '4' or greaterWindowsCIS Microsoft Exchange Server 2016 CAS v1.0.0
2.7 Set 'Enforce Password History' to '4' or greaterWindowsCIS Microsoft Exchange Server 2013 CAS v1.1.0
3.1.8 /etc/security/user - histexpireUnixCIS IBM AIX 7.1 L1 v1.1.0
3.1.9 /etc/security/user - histsizeUnixCIS IBM AIX 7.1 L1 v1.1.0
3.4 - Login and Password Parameters - Passwords Disallow Reuse >= 6Netapp_APINetApp Security Hardening Guide for ONTAP 9 v1.7.0
4.014 - The password history must be configured to 24 passwords remembered.WindowsDISA Windows Vista STIG v6r41
5.2.8 Password HistoryUnixCIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.2.8 Password HistoryUnixCIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.3.3 Ensure password reuse is limitedUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0
5.3.3 Ensure password reuse is limitedUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.0
5.3.3 Ensure password reuse is limitedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.3.3 Ensure password reuse is limitedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.3.3 Ensure password reuse is limited - password-authUnixCIS Amazon Linux v2.1.0 L1
5.3.3 Ensure password reuse is limited - system-authUnixCIS Amazon Linux v2.1.0 L1
5.3.12 Ensure password prohibited reuse is at a minumum '5'UnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.4.3 Ensure password reuse is limitedUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.4.3 Ensure password reuse is limitedUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.4.11 Ensure password prohibited reuse is at a minimum 5UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
7.2 Set Strong Password Creation Policies - HISTORY = 10UnixCIS Solaris 11.2 L1 v1.1.0
7.2 Set Strong Password Creation Policies - HISTORY = 10UnixCIS Solaris 11 L1 v1.1.0
7.2 Set Strong Password Creation Policies - HISTORY = 10UnixCIS Solaris 11.1 L1 v1.0.0
7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10UnixCIS Solaris 10 L1 v5.2
9.2.3 Limit Password ReuseUnixCIS Debian Linux 7 L1 v1.0.0
9.2.3 Limit Password ReuseUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
AIX7-00-001127 - AIX must prohibit password reuse for a minimum of five generations - ALL usersUnixDISA STIG AIX 7.x v2r5
AIX7-00-001127 - AIX must prohibit password reuse for a minimum of five generations - default userUnixDISA STIG AIX 7.x v2r5
AOSX-13-002090 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple Mac OSX 10.15 v1r8
APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple macOS 11 v1r6
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate