1.6 Ensure Warn users before password expiration is set to 7 days

Information

The number of days before password expiration at which the user starts being warned that the password will have to be changed. A user who does not log in will not see the warning.

Rationale:

Providing an advance warning that a password will be expiring gives users time to think of a secure password. Users caught unaware may choose a simple password or write it down where it may be discovered.

Solution

Run the following command to set the expiration-warning-days setting.
CLI:

Hostname>set password-controls expiration-warning-days 7

GUI:

Navigate to User Management > Password Policy > Mandatory Password Changes
Set 'Warn users before password expiration' to 7 days or less.



Default Value:

7 days

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2f.

Plugin: CheckPoint

Control ID: ddbe2c0d5f3e9d581a41cd0837a2f82e41674e55ee63d355061ca0df2967d716