1.1.5 Ensure 'Password Policy' is enabled - lifetime

Information

Enforces the Enterprise Password Policy by setting compliant local password requirements for the security appliance.

Rationale:

The password policy helps prevent unauthorized access by enforcing password complexity, which makes passwords difficult to guess. This applies to the local database.

Solution

Step 1: Run the following to set the password lifetime in days to less than or equal to 180

hostname(config)#password-policy lifetime 30

Step 2: Run the following to set the minimum number of characters that must be changed between the old and the new passwords to greater than or equal to 14

hostname(config)#password-policy minimum-changes 14

Step 3: Run the following to set the minimum number of upper case characters in the password to greater than or equal to 1

hostname(config)#password-policy minimum-uppercase 1

Step 4: Run the following to set the minimum number of lower case characters in the password to greater than or equal to 1

hostname(config)#password-policy minimum-lowercase 1

Step 5: Run the following to set the minimum number of numeric characters in the password to greater than or equal to 1

hostname(config)#password-policy minimum-numeric 1

Step 6: Run the following to set the minimum number of special characters in the password to greater than or equal to 1

hostname(config)#password-policy minimum-special 1

Step 7: Run the following to set the password minimum length to greater than or equal to 14

hostname(config)#password-policy minimum-length 14
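The following is an added example, not part of the benchmark or of any Cisco tooling: a Python check that reads saved running-config text and evaluates the seven settings from Steps 1 to 7, falling back to the default values listed on this page when a line is absent. The sample configuration, the hostname `fw-example`, and the treatment of lifetime 0 as non-compliant are assumptions.

```python
import re

# Thresholds from Steps 1-7: (comparison, bound).
REQUIRED = {
    "lifetime": ("max", 180),
    "minimum-changes": ("min", 14),
    "minimum-uppercase": ("min", 1),
    "minimum-lowercase": ("min", 1),
    "minimum-numeric": ("min", 1),
    "minimum-special": ("min", 1),
    "minimum-length": ("min", 14),
}
# Defaults listed on this page; assumed to apply when a line is absent.
DEFAULTS = {"lifetime": 0, "minimum-changes": 0, "minimum-length": 3,
            "minimum-uppercase": 0, "minimum-lowercase": 0,
            "minimum-numeric": 0, "minimum-special": 0}
LINE_RE = re.compile(r"^\s*password-policy\s+([a-z-]+)\s+(\d+)\s*$")

def parse_policy(config_text):
    """Return effective password-policy values from saved config text."""
    policy = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in REQUIRED:
            policy[m.group(1)] = int(m.group(2))
    return policy

def audit(config_text):
    """Return {setting: (value, compliant)} for each benchmark setting."""
    results = {}
    for key, value in parse_policy(config_text).items():
        kind, bound = REQUIRED[key]
        if kind == "max":
            # Assumption: lifetime 0 (the default) means no expiry, so it fails.
            ok = 1 <= value <= bound
        else:
            ok = value >= bound
        results[key] = (value, ok)
    return results

# Constructed sample, not output from a real device.
SAMPLE = """\
hostname fw-example
password-policy lifetime 365
password-policy minimum-changes 14
password-policy minimum-uppercase 1
password-policy minimum-length 8
"""

if __name__ == "__main__":
    for key, (value, ok) in audit(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'}  password-policy {key} {value}")
```

Settings missing from the sample (lowercase, numeric, special) are reported as failing at their default of 0, which is the case a line-by-line grep for bad values would miss.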

Default Value:

Password policy is disabled by default.

The following are default values:

password-policy lifetime 0
password-policy minimum-changes 0
password-policy minimum-length 3
password-policy minimum-uppercase 0
password-policy minimum-lowercase 0
password-policy minimum-numeric 0
password-policy minimum-special 0

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Cisco

Control ID: 79e04cada4264084323882020a82e2ff4514dec4e6a5fb72bf5f60f874ccb939