Title

iSCSI passwords are not compliant with DoD policy. (Cat II impact)

Discussion

Storage administrators will protect storage configuration data from unauthorized users by using passwords that are in accordance with the policy in DoDI 8500.2

Check Content

Work with the system administrator to determine compliance. Request the system administrator login to the iSCSI storage device and verify that the password is 14 characters. Review the complexity requirements are met by reviewing the configuration with the system administrator. The complexity requirements are one upper case letter, one lower case letter, one special character, and one number. If the password does not meet these requirements, this is a finding.

Fix Text

Configure all iSCSI passwords according to DoD policy.

Additional Identifiers

Rule ID: SV-16730r1_rule

Vulnerability ID: V-15791

Group Title: iSCSI passwords are not compliant with DoD policy.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.