| AIOS-12-000100 - Apple iOS must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AIOS-13-000100 - Apple iOS/iPadOS must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003007 - The macOS system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000550 - The Cisco switch must be configured to enforce a minimum 15-character password length. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000590 - The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-004250 - If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DoD standards for password complexity and lifetime. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-000107 - The BIG-IP appliance must be configured to enforce a minimum 15-character password length. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-000113 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must enforce password complexity by requiring that at least one lower-case character be used. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-000117 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must enforce password complexity by requiring that at least one special character be used. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GOOG-10-000100 - Google Android 10 must be configured to enforce a minimum password length of six characters. | AirWatch - DISA Google Android 10.x v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-10-000100 - Google Android 10 must be configured to enforce a minimum password length of six characters. | MobileIron - DISA Google Android 10.x v2r1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| JUNI-ND-000600 - The Juniper router must be configured to enforce password complexity by requiring that at least one special character be used. | DISA STIG Juniper Router NDM v3r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MD3X-00-000320 - If DBMS authentication using passwords is employed, MongoDB must enforce the DoD standards for password complexity and lifetime. | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-014000 - The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-014300 - The DBMS must support organizational requirements to enforce password complexity by the number of numeric characters used. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| O112-C2-014500 - The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed. | DISA STIG Oracle 11.2g v2r5 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000050 - The system must require passwords to contain a minimum of 15 characters - /etc/login.defs | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000050 - The system must require passwords to contain a minimum of 15 characters - /etc/pam.d/* | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000056 - The system must require passwords to contain at least one numeric character - password-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000056 - The system must require passwords to contain at least one numeric character - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000059 - The system must require passwords to contain at least one lower-case alphabetic character - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000056 - The system must require passwords to contain at least one numeric character - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010119 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010120 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed or new passwords are established, the new password must contain at least one upper-case character. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040010 - User passwords must be changed at least every 60 days. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040030 - The operating system must enforce minimum password lifetime restrictions. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040040 - User passwords must be at least 15 characters in length. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040060 - The system must require at least eight characters be changed between the old and new passwords during a password change. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040060 - The system must require at least eight characters be changed between the old and new passwords during a password change. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040070 - The system must require passwords to contain at least one uppercase alphabetic character. | DISA STIG Solaris 11 X86 v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SOL-11.1-040070 - The system must require passwords to contain at least one uppercase alphabetic character. | DISA STIG Solaris 11 SPARC v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000330 - Splunk Enterprise must enforce password complexity for the account of last resort by requiring that at least one uppercase character be used. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010120 - The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010101 - The Ubuntu operating system must enforce password complexity by requiring that at least one lower-case character be used. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010102 - The Ubuntu operating system must enforce password complexity by requiring that at least one numeric character be used. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010109 - The Ubuntu operating system must enforce a minimum 15-character password length. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000041 - The vCenter Server for Windows passwords must contain at least one lowercase character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000042 - The vCenter Server for Windows passwords must contain at least one numeric character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000043 - The vCenter Server for Windows passwords must contain at least one special character. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000162 - Oracle WebLogic must enforce password complexity by the number of upper-case characters used. | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000163 - Oracle WebLogic must enforce password complexity by the number of lower-case characters used. | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000164 - Oracle WebLogic must enforce password complexity by the number of numeric characters used. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000165 - Oracle WebLogic must enforce password complexity by the number of special characters used. | Oracle WebLogic Server 12c Linux v2r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION |
| WBLC-05-000165 - Oracle WebLogic must enforce password complexity by the number of special characters used. | Oracle WebLogic Server 12c Windows v2r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AC-000007 - Passwords must, at a minimum, be 14 characters. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-00-000060 - Manually managed application account passwords must be at least 14 characters in length. | DISA Windows Server 2016 STIG v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-AC-000070 - Windows Server 2016 minimum password length must be configured to 14 characters. | DISA Windows Server 2016 STIG v2r9 | Windows | IDENTIFICATION AND AUTHENTICATION |
