STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:SV-222547r508029_rule
V-222547
SRG-APP-000397
APSC-DV-001790
CAT II
10
Configure the application to specify when a password is temporary and change the temporary password on the first use.
Review the application documentation and interview the application administrator to identify if the application uses passwords for user authentication.
If the application does not use passwords, the requirement is not applicable.
Access the application management interface and view the user password settings page.
Review user password settings and validate the application is configured to specify when a password is temporary and force a password change when the administrator either creates a new user account or changes a user’s password.
If the application can not specify a password as temporary and force the user to change the temporary password upon successful authentication, this is a finding.
V-222547
False
APSC-DV-001790
Review the application documentation and interview the application administrator to identify if the application uses passwords for user authentication.
If the application does not use passwords, the requirement is not applicable.
Access the application management interface and view the user password settings page.
Review user password settings and validate the application is configured to specify when a password is temporary and force a password change when the administrator either creates a new user account or changes a user’s password.
If the application can not specify a password as temporary and force the user to change the temporary password upon successful authentication, this is a finding.
M
4093