Detections
Analytics

800-53|IA-5(1)

Title

PASSWORD-BASED AUTHENTICATION

Description

The information system, for password-based authentication:

Supplemental

This control enhancement applies to single-factor authentication of individuals using passwords as individual or group authenticators, and in a similar manner, when passwords are part of multifactor authenticators. This control enhancement does not apply when passwords are used to unlock hardware authenticators (e.g., Personal Identity Verification cards). The implementation of such password mechanisms may not meet all of the requirements in the enhancement. Cryptographically-protected passwords include, for example, encrypted versions of passwords and one-way cryptographic hashes of passwords. The number of changed characters refers to the number of changes required with respect to the total number of positions in the current password. Password lifetime restrictions do not apply to temporary passwords. To mitigate certain brute force attacks against passwords, organizations may also consider salting passwords.

Reference Item Details

Related: IA-6

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure Minimum Password Length is set to 14 or higherCheckPointCIS Check Point Firewall L1 v1.1.0
1.1.1 - /etc/security/user - 'mindiff >= 4'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows Server 2012 MS L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows Server 2012 DC L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
1.1.1 (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 STIG MS
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
1.1.1 Ensure 'Logon Password' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.1.1 Ensure default password of root is not allowedF5CIS F5 Networks v1.0.0 L1