STIGQter STIGQter: STIG Summary: HP FlexFabric Switch NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one lower-case character be used.

DISA Rule

SV-80699r1_rule

Vulnerability Number

V-66209

Group Title

SRG-APP-000167-NDM-000255

Rule Version

HFFS-ND-000056

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to enforce password complexity by requiring that at least one lower-case character be used:

[HP] password-control enable
[HP] password-control composition enable
[HP] password-control composition type-number 4 type-length 2

Check Contents

Check to see that the HP FlexFabric Switch enforces password complexity by requiring that at least one lower-case character be used.

[HP] display password-control

Global password control configurations:
Password control: Enabled
Password aging: Enabled (60 days)
Password length: Enabled (15 characters)
Password composition: Enabled (4 types, 1 characters per type)

If the HP FlexFabric Switch does not require that at least one lower-case character be used in each password, this is a finding.

Vulnerability Number

V-66209

Documentable

False

Rule Version

HFFS-ND-000056

Severity Override Guidance

Check to see that the HP FlexFabric Switch enforces password complexity by requiring that at least one lower-case character be used.

[HP] display password-control

Global password control configurations:
Password control: Enabled
Password aging: Enabled (60 days)
Password length: Enabled (15 characters)
Password composition: Enabled (4 types, 1 characters per type)

If the HP FlexFabric Switch does not require that at least one lower-case character be used in each password, this is a finding.

Check Content Reference

M

Target Key

2971

Comments