Title

Complex passwords must contain a Symbolic Character. (Cat II impact)

Discussion

Configure the local system to verify newly created passwords conform to the DoD password complexity policy. Passwords must contain 1 character from the following 4 classes: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters. Sites are responsible for installing password complexity software that complies with current DoD requirements.

Check Content

Open a terminal session and run the following command. pwpolicy -n -getglobalpolicy | tr " " "\n" | grep requiresSymbol If the value of requireSymbol is not set to 1, this is a finding. NOTE: If the command returns a response of password server is not configured, the system is not managed. Add the path /Local/Default to the above commands, an example would be: pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep requiresSymbol

Fix Text

Open a terminal session and run the following command. sudo pwpolicy -n -setglobalpolicy "requiresSymbol=1" For non managed systems the path /Local/Default would need to be added to the command, an example would be: sudo pwpolicy -n /Local/Default -setglobalpolicy "requiresSymbol=1"

Additional Identifiers

Rule ID: SV-38607r1_rule

Vulnerability ID: V-29439

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.