Check: ASP4-CS-040200
IBM Aspera Platform 4.2 STIG:
ASP4-CS-040200
(in versions v1 r2 through v1 r1)
Title
IBM Aspera Console passwords must be prohibited from reuse for a minimum of five generations. (Cat II impact)
Discussion
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.
Check Content
Verify IBM Aspera Console passwords are prohibited from reuse for a minimum of five generations: - Log in to the IBM Aspera Console web page as a user with administrative privilege. - Select the "Configuration" tab. - Select the "Defaults" tab. - Scroll down to the "Console Password Options" section. - Verify the "Password Expiration" option is checked. - Verify the "Password Reuse Limit" option is set to "5" or more. If the "Password Expiration" option is not checked, this is a finding. If the "Password Reuse Limit" is set to less than "5" or is set to "0", this is a finding.
Fix Text
Configure IBM Aspera Console passwords to be prohibited from reuse for a minimum of five generations: - Log in to the IBM Aspera Console web page as a user with administrative privilege. - Select the "Configuration" tab. - Select the "Defaults" tab. - Scroll down to the "Console Password Options" section. - Put a check in the "Password Expiration" check box. - Edit the "Password Reuse Limit" option to "5" or more. Note: "0" disables the "Password Reuse Limit" option. - Select "Save" at the bottom of the page.
Additional Identifiers
Rule ID: SV-252567r817871_rule
Vulnerability ID: V-252567
Group Title: SRG-NET-000512-ALG-000062
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000200 |
The information system prohibits password reuse for the organization-defined number of generations. |
Controls
Number | Title |
---|---|
IA-5 (1) |
Password-Based Authentication |