| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - minclass | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed. | DISA STIG AIX 7.x v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | DISA STIG for Oracle Linux 5 v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | DISA STIG Solaris 10 X86 v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | DISA STIG Solaris 10 SPARC v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000750 - The system must require that at least eight characters be changed between the old and new passwords during a password change. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| O121-C2-014000 - The DBMS must support organizational requirements to prohibit password reuse for the organization-defined number of generations. | DISA STIG Oracle 12c v3r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - password-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - system-auth | DISA STIG Oracle Linux 6 v2r7 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010160 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010170 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010180 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL07-00-010190 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters. | DISA Oracle Linux 7 STIG v2r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020140 - OL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | DISA Oracle Linux 8 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020150 - OL 8 must require the maximum number of repeating characters be limited to three when passwords are changed. | DISA Oracle Linux 8 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020160 - OL 8 must require the change of at least four character classes when passwords are changed. | DISA Oracle Linux 8 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| OL08-00-020170 - OL 8 must require the change of at least eight characters when passwords are changed. | DISA Oracle Linux 8 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - password-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-06-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - system-auth. | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010160 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010170 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-07-010190 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020140 - RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020150 - RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020160 - RHEL 8 must require the change of at least four character classes when passwords are changed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-08-020170 - RHEL 8 must require the change of at least 8 characters when passwords are changed. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611060 - RHEL 9 must enforce password complexity rules for the root account. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611115 - RHEL 9 must require the change of at least eight characters when passwords are changed. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| RHEL-09-611125 - RHEL 9 must require the maximum number of repeating characters be limited to three when passwords are changed. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SLES-12-010190 - The SUSE operating system must require the change of at least eight (8) of the total number of characters when passwords are changed. | DISA SLES 12 STIG v2r13 | Unix | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000390 - Splunk Enterprise must prohibit password reuse for a minimum of five generations for the account of last resort. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SQL2-00-038900 - If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity. | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SQL4-00-038900 - If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | IDENTIFICATION AND AUTHENTICATION |
| SRG-OS-000072-ESXI5 - The system must require at least four characters be changed between the old and new passwords during a password change. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010099 - The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used - /etc/pam.d/common-password | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010099 - The Ubuntu operating system must be configured so that when passwords are changed or new passwords are established, pwquality must be used - dpkg -s libpam-pwquality | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-16-010140 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-18-010103 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-20-010053 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN10-AC-000020 - The password history must be configured to 24 passwords remembered. | DISA Windows 10 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-AC-000040 - Windows Server 2019 password history must be configured to 24 passwords remembered. | DISA Windows Server 2019 STIG v3r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
