Check: SRG-APP-000165-AU-002580
Central Log Server SRG:
SRG-APP-000165-AU-002580
(in versions v2 r2 through v1 r1)
Title
The Central Log Server must be configured to prohibit password reuse for a minimum of five generations. (Cat III impact)
Discussion
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. To meet password policy requirements, passwords need to be changed at specific policy-based intervals. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.
Check Content
Examine the configuration. Verify the Central Log Server is configured to prohibit password reuse for a minimum of five generations. If the Central Log Server is not configured to prohibit password reuse for a minimum of five generations, this is a finding.
Fix Text
Configure the Central Log Server to prohibit password reuse for a minimum of five generations.
Additional Identifiers
Rule ID: SV-206468r397504_rule
Vulnerability ID: V-206468
Group Title: SRG-APP-000165
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000200 |
The information system prohibits password reuse for the organization-defined number of generations. |
Controls
| Number | Title |
|---|---|
| IA-5 (1) |
Password-Based Authentication |