STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020: STIGQter: STIG Summary: Authentication, Authorization, and Accounting Services (AAA) Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:SV-95623r1_rule
V-80913
SRG-APP-000170-AAA-000500
SRG-APP-000170-AAA-000500
CAT II
10
Configure AAA Services to require the change of at least eight of the total number of characters when passwords are changed.
Note: The best practice would be to require that all characters must be changed with each password change, especially for privileged accounts.
If AAA Services rely on directory services for user account management, this is not applicable and the connected directory services must perform this function.
Where passwords are used, verify AAA Services are configured to require the change of at least eight of the total number of characters when passwords are changed. This requirement may be verified by demonstration or configuration review.
If AAA Services are not configured to require the change of at least eight of the total number of characters when passwords are changed, this is a finding.
V-80913
False
SRG-APP-000170-AAA-000500
If AAA Services rely on directory services for user account management, this is not applicable and the connected directory services must perform this function.
Where passwords are used, verify AAA Services are configured to require the change of at least eight of the total number of characters when passwords are changed. This requirement may be verified by demonstration or configuration review.
If AAA Services are not configured to require the change of at least eight of the total number of characters when passwords are changed, this is a finding.
M
3357