Check: SRG-OS-000076-GPOS-00044
General Purpose Operating System SRG:
SRG-OS-000076-GPOS-00044
(in versions v3 r1 through v1 r6)
Title
Operating systems must enforce a 60-day maximum password lifetime restriction. (Cat II impact)
Discussion
Any password, no matter how complex, can eventually be cracked; therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.
Check Content
Verify operating system enforces a 60-day maximum password lifetime restriction. If it does not, this is a finding.
Fix Text
Configure operating system to enforce a 60-day maximum password lifetime restriction.
Additional Identifiers
Rule ID: SV-203632r982200_rule
Vulnerability ID: V-203632
Group Title: SRG-OS-000076
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000199 |
The information system enforces maximum password lifetime restrictions. |
CCI-004066 |
For password-based authentication, enforce organization-defined composition and complexity rules. |
Controls
Number | Title |
---|---|
IA-5(1) |
Password-based Authentication |