1.8 Set a system-wide password expiration

Information

Sybase ASE supports expiring passwords after a set interval. The interval can be set on a
global, per user or per role basis. Password expiration is disabled by default.

It is recommended that a system-wide password expiration is set according to your
organizations requirements.

Rationale:

Password expiration potentially mitigates the damage from a compromised account. It also
assists in identifying accounts that are no longer in use.

Solution

1. Connect to the ASE server with a user that has the sso_role and execute the
following SQL statement to set the system-wide password expiration (substitute 90
for a suitable password expiration value based on your organizations
requirements):

exec sp_configure 'systemwide password expiration', 90

See Also

https://workbench.cisecurity.org/files/1612

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d)

Plugin: SybaseDB

Control ID: 3adce826fcdb9baee3be36f255720c11e1f444cf4f7211a718bd7c08093d7c81