Navigate

Check: SRG-OS-000076-GPOS-00044

General Purpose Operating System SRG: SRG-OS-000076-GPOS-00044 (in versions v2 r7 through v1 r4)

Title

Operating systems must enforce a 60-day maximum password lifetime restriction. (Cat II impact)

Discussion

Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.

Check Content

Verify operating system enforces a 60-day maximum password lifetime restriction. If it does not, this is a finding.

Fix Text

Configure operating system to enforce a 60-day maximum password lifetime restriction.

Additional Identifiers

Rule ID: SV-203632r557622_rule

Vulnerability ID: V-203632

Group Title: SRG-OS-000076

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000199	The information system enforces maximum password lifetime restrictions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-5 (1)	Password-Based Authentication