Title

Password reuse is not set to 8 or greater. (Cat III impact)

Discussion

Requirement: The IAO will ensure that user passwords are not reused within eight of the previous passwords used. As a minimum. A system is more vulnerable to unauthorized access when system users recycle the same password several times without being required to change a password to a unique password on a regularly scheduled basis. This enables users to effectively negate the purpose of mandating periodic password changes.

Check Content

Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices.

Fix Text

Ensure password uniqueness is set to remember 8 passwords.

Additional Identifiers

Rule ID: SV-8450r1_rule

Vulnerability ID: V-7964

Group Title: Password reuse is not set to 8 or greater.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.