STIGQter: STIG Summary: Central Log Server Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 24 Jul 2020:

The Central Log Server must be configured to require the change of at least 8 of the total number of characters when passwords are changed.

DISA Rule

SV-96067r1_rule

Vulnerability Number

V-81353

Group Title

SRG-APP-000170-AU-002530

Rule Version

SRG-APP-000170-AU-002530

Severity

CAT III

CCI(s)

• CCI-000195 - The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Weight

10

Fix Recommendation

Configure the Central Log Server to require the change of at least 8 of the total number of characters when passwords are changed.

Check Contents

Examine the configuration.

Verify the Central Log Server is configured to enforce password complexity by requiring the change of at least 8 of the total number of characters when passwords are changed.

If the Central Log Server is not configured to require the change of at least 8 of the total number of characters when passwords are changed, this is a finding.

Vulnerability Number

V-81353

Documentable

False

Rule Version

SRG-APP-000170-AU-002530

Severity Override Guidance

Examine the configuration.

Verify the Central Log Server is configured to enforce password complexity by requiring the change of at least 8 of the total number of characters when passwords are changed.

If the Central Log Server is not configured to require the change of at least 8 of the total number of characters when passwords are changed, this is a finding.

Check Content Reference

M

Target Key

3395

Comments