800-53|IA-5(1)(e)

Title

PASSWORD-BASED AUTHENTICATION

Description

Prohibits password reuse for [Assignment: organization-defined number] generations; and

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
1.1.1.5 Set 'Enforce password history' to '24 or more password(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.8 - /etc/security/user - 'histexpire >= 13'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.9 - /etc/security/user - 'histsize >= 20'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable	ZTE_ROSNG	Tenable ZTE ROSNG
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-checking	CheckPoint	CIS Check Point Firewall L1 v1.1.0
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-length	CheckPoint	CIS Check Point Firewall L1 v1.1.0
2.1.8 - AirWatch - Set the 'number of passwords' for 'password history'	MDM	AirWatch - CIS Google Android 4 v1.0.0 L2
2.1.8 - MobileIron - Set the 'number of passwords' for 'password history'	MDM	MobileIron - CIS Google Android 4 v1.0.0 L2
2.4 Password Security - 'security.passwd.rules.history = 6'	NetApp	TNS NetApp Data ONTAP 7G
2.7 Set 'Enforce Password History' to '4' or greater	Windows	CIS Microsoft Exchange Server 2016 CAS v1.0.0
2.7 Set 'Enforce Password History' to '4' or greater	Windows	CIS Microsoft Exchange Server 2013 CAS v1.1.0
3.4 - Login and Password Parameters - Passwords Disallow Reuse >= 6	Netapp_API	NetApp Security Hardening Guide for ONTAP 9 v1.7.0
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'	OracleDB	CIS Oracle Server 11g R2 DB v2.2.0
3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'	OracleDB	CIS Oracle Server 11g R2 DB v2.2.0
4.014 - The password history must be configured to 24 passwords remembered.	Windows	DISA Windows Vista STIG v6r41
5.2.2 Ensure password reuse is limited - pam_pwhistory	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
5.2.2 Ensure password reuse is limited - pam_unix.so	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
5.3.3 Ensure password reuse is limited	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.3.3 Ensure password reuse is limited	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.3.3 Ensure password reuse is limited - password-auth	Unix	CIS Amazon Linux v2.1.0 L1
5.3.3 Ensure password reuse is limited - system-auth	Unix	CIS Amazon Linux v2.1.0 L1
5.3.12 Ensure password prohibited reuse is at a minumum '5'	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
5.4.3 Ensure password reuse is limited	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
5.4.3 Ensure password reuse is limited	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
5.4.11 Ensure password prohibited reuse is at a minimum 5	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
7.2 Set Strong Password Creation Policies - HISTORY = 10	Unix	CIS Solaris 11.2 L1 v1.1.0
7.2 Set Strong Password Creation Policies - HISTORY = 10	Unix	CIS Solaris 11.1 L1 v1.0.0
7.2 Set Strong Password Creation Policies - HISTORY = 10	Unix	CIS Solaris 11 L1 v1.1.0
7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10	Unix	CIS Solaris 10 L1 v5.2
9.2.3 Limit Password Reuse	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
9.2.3 Limit Password Reuse	Unix	CIS Debian Linux 7 L1 v1.0.0
AIX7-00-001127 - AIX must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG AIX 7.x v2r9
Android Compliance Policy - Number of previous passwords to prevent reuse	microsoft_azure	Tenable Best Practices for Microsoft Intune Android v1.0
AOSX-13-002090 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003009 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003009 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple macOS 11 v1r5
APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple macOS 11 v1r8
APPL-12-003009 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple macOS 12 v1r8
APPL-13-003009 - The macOS system must prohibit password reuse for a minimum of five generations.	Unix	DISA STIG Apple macOS 13 v1r3
Big Sur - Prohibit Password Reuse for a Minimum of Five Generations	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Prohibit Password Reuse for a Minimum of Five Generations	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Prohibit Password Reuse for a Minimum of Five Generations	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Prohibit Password Reuse for a Minimum of Five Generations	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Prohibit Password Reuse for a Minimum of Five Generations	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Prohibit Password Reuse for a Minimum of Five Generations	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low

Detections

Analytics

800-53|IA-5(1)(e)

Title

Description

Reference Item Details

Audit Items