5.2.2 Set a minimum password length

Information

Information systems not protected with strong password schemes including passwords of minimum length provide the opportunity for anyone to crack the password and gain access to the system, and cause the device, information, or the local network to be compromised or a Denial of Service.

Solution

Perform the following to implement the prescribed state for all pwpolicy controls
1. Run the following command in Terminal:
pwpolicy -setaccountpolicies
Examples in pwpolicy man page and in the back of the Benchmark

See Also

https://workbench.cisecurity.org/files/300

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a)

Plugin: Unix

Control ID: 2ead69f6f7e8ba1f3ca4bd3f8d445c71b3aaf6d4348fbb222fcbf2b593c8ffee