SV-209620r610285_rule
V-209620
SRG-OS-000266-GPOS-00101
AOSX-14-003011
CAT II
10
This setting may be enforced using the "Passcode Policy" configuration profile or by a directory service.
Password policy can be set with a configuration profile or the "pwpolicy" utility. If password policy is set with a configuration profile, run the following command to check if the system is configured to require that passwords contain at least one special character:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep minComplexChars
If the return is null or not ” minComplexChars = 1”, this is a finding.
Run the following command to check if the system is configured to require that passwords not contain repeated sequential characters or characters in increasing and decreasing sequential order:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowSimple
If "allowSimple" is not set to "0" or is undefined, this is a finding.
V-209620
False
AOSX-14-003011
Password policy can be set with a configuration profile or the "pwpolicy" utility. If password policy is set with a configuration profile, run the following command to check if the system is configured to require that passwords contain at least one special character:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep minComplexChars
If the return is null or not ” minComplexChars = 1”, this is a finding.
Run the following command to check if the system is configured to require that passwords not contain repeated sequential characters or characters in increasing and decreasing sequential order:
/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep allowSimple
If "allowSimple" is not set to "0" or is undefined, this is a finding.
M
2930