1.3.10 Ensure 'Password Profiles' do not exist

Information

Password profiles that are weaker than the recommended minimum password complexity settings must not exist.

Rationale:

As password profiles override any 'Minimum Password Complexity' settings defined in the device, they generally should not exist. If these password profiles do exist, they should enforce stronger password policies than what is set in the 'Minimum Password Complexity' settings.

Solution

Navigate to Device > Password Profiles.
Ensure Password Profiles weaker than the recommended minimum password complexity settings do not exist.

Default Value:

Not configured

References:

'PAN-OS Administrator's Guide 9.0 (English) - Best Practices for Securing Administrative Access' - https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html

See Also

https://workbench.cisecurity.org/files/2692