3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'

Information

The PASSWORD_REUSE_TIME setting determines the amount of time in days that must pass before the same password may be reused. The suggested value for this is 365 days or greater.

Rationale:

Reusing the same password after only a short period of time has passed makes the success of brute-force login attacks more likely.

Solution

Remediate this setting by executing the following SQL statement for each PROFILE returned by the audit procedure.

ALTER PROFILE <profile_name> LIMIT PASSWORD_REUSE_TIME 365;

Notes:

The above restriction should be applied along with the PASSWORD_REUSE_MAX setting.
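The query below is an added example, not part of the benchmark text or its audit procedure: it lists the profiles whose effective PASSWORD_REUSE_TIME falls short of 365 days and generates the matching remediation statement for each. It assumes SELECT access to the DBA_PROFILES dictionary view, resolves a limit of DEFAULT to the value held by the DEFAULT profile, and treats UNLIMITED as non-compliant (an assumption of this example).

```sql
-- Added example: find profiles needing the PASSWORD_REUSE_TIME remediation.
WITH lim AS (
  SELECT p.profile,
         p.resource_name,
         p.limit AS configured,
         -- 'DEFAULT' means "inherit from the DEFAULT profile": resolve it
         -- so the comparison is made against the value actually enforced.
         CASE p.limit WHEN 'DEFAULT' THEN d.limit ELSE p.limit END AS effective
  FROM   dba_profiles p
  JOIN   dba_profiles d
         ON  d.profile       = 'DEFAULT'
         AND d.resource_name = p.resource_name
  WHERE  p.resource_name IN ('PASSWORD_REUSE_TIME', 'PASSWORD_REUSE_MAX')
)
SELECT t.profile,
       t.configured AS reuse_time_configured,
       t.effective  AS reuse_time_effective,
       -- Shown for context, since the two settings are applied together.
       m.effective  AS reuse_max_effective,
       'ALTER PROFILE "' || t.profile ||
       '" LIMIT PASSWORD_REUSE_TIME 365;' AS remediation
FROM   lim t
JOIN   lim m
       ON  m.profile       = t.profile
       AND m.resource_name = 'PASSWORD_REUSE_MAX'
WHERE  t.resource_name = 'PASSWORD_REUSE_TIME'
AND   (t.effective = 'UNLIMITED'
       -- LIMIT is a VARCHAR2 column; the CASE keeps TO_NUMBER away from
       -- the non-numeric keyword so the query cannot raise ORA-01722.
       OR CASE WHEN t.effective = 'UNLIMITED' THEN NULL
               ELSE TO_NUMBER(t.effective) END < 365)
ORDER  BY t.profile;
```

An empty result means every profile already meets the 365-day threshold; re-run the query after applying the generated statements to confirm.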

See Also

https://workbench.cisecurity.org/files/2741

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv6|16, CSCv7|4.4

Plugin: OracleDB

Control ID: 914137c071979f205adb60efe4d2597318e902d72fea87c24892387eeee2d3bb