Title

Complex passwords must contain Alphabetic Character. (Cat II impact)

Discussion

Configure the local system to verify newly created passwords conform to DoD password complexity policy. Passwords must contain 1 character from the following 4 classes: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters. Sites are responsible for installing password complexity software complying with the current DoD requirements.

Check Content

Open a terminal session and run the following command. pwpolicy -n -getglobalpolicy | tr " " "\n" | grep requiresAlpha If the value of requiresAlpha is not set to 1, this is a finding. NOTE: If the command returns a response of: password server is not configured, the system is not managed. Add the path /Local/Default to the above command, an example would be: pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep requiresAlpha

Fix Text

Open a terminal session and run the following command. sudo pwpolicy -n -setglobalpolicy "requiresAlpha=1" For non managed systems the path /Local/Default would need to be added to the command, an example would be: sudo pwpolicy -n /Local/Default -setglobalpolicy "requiresAlpha=1"

Additional Identifiers

Rule ID: SV-38603r1_rule

Vulnerability ID: V-29437

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.