STIGQter: STIG Summary: DBN-6300 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

If multifactor authentication is not supported and passwords must be used, the DBN-6300 must enforce password complexity by requiring that at least one numeric character be used.

DISA Rule

SV-91663r1_rule

Vulnerability Number

V-76967

Group Title

SRG-APP-000168-NDM-000256

Rule Version

DBNW-DM-000059

Severity

CAT II

CCI(s)

• CCI-000194 - The information system enforces password complexity by the minimum number of numeric characters used.

Weight

10

Fix Recommendation

Set the password-complexity variable within the DBN-6300 through the CLI.

This value is set with the following registry entry in the CLI:
reg set /sysconfig/auth/01 {"stores": {"local": {"policies": {"passwordQuality": {"owasp": {"enable": true,"allowPassphrases": false }}}}}}

Check Contents

To see if the system requires password complexity attempt to change your password to a non-conforming password.

If the user is able to change their password without meeting the requirement, this is a finding.

Vulnerability Number

V-76967

Documentable

False

Rule Version

DBNW-DM-000059

Severity Override Guidance

To see if the system requires password complexity attempt to change your password to a non-conforming password.

If the user is able to change their password without meeting the requirement, this is a finding.

Check Content Reference

M

Target Key

2947

Comments