800-53|IA-5(1)(a)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces minimum password complexity of [Assignment: organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers, and special characters, including minimum requirements for each type];

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Ensure Minimum Password Length is set to 14 or higher | CheckPoint | CIS Check Point Firewall L1 v1.1.0 |
| 1.1.1.4 Set 'Minimum password length' to '14 or more character(s)' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.1.6 Set 'Password must meet complexity requirements' to 'Enabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.3 - AirWatch - Disallow Simple Passcode | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2 |
| 1.1.3 - AirWatch - Disallow Simple Passcode | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2 |
| 1.1.3 - AirWatch - Enable 'Require alphanumeric value' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1 |
| 1.1.3 - MobileIron - Disallow Simple Passcode | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2 |
| 1.1.3 - MobileIron - Disallow Simple Passcode | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2 |
| 1.1.3 - MobileIron - Enable 'Require alphanumeric value' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1 |
| 1.1.4 - /etc/security/user - 'minlen = 8' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 1.1.5 - /etc/security/user - 'minalpha >= 2' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 1.1.6 - /etc/security/user - 'minother >= 2' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 1.2 Ensure Disallow Palindromes is selected | CheckPoint | CIS Check Point Firewall L1 v1.1.0 |
| 1.2 Password Security Policy - a) The default password length shouldn't be below 8 characters | ZTE_ROSNG | Tenable ZTE ROSNG |
| 1.2 Password Security Policy - b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4 | ZTE_ROSNG | Tenable ZTE ROSNG |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutive | ZTE_ROSNG | Tenable ZTE ROSNG |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - strong-password dictionary | ZTE_ROSNG | Tenable ZTE ROSNG |
| 1.2 Password Security Policy - e) Check for strong-password max-length | ZTE_ROSNG | Tenable ZTE ROSNG |
| 1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverse | ZTE_ROSNG | Tenable ZTE ROSNG |
| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.3.5 Ensure 'Password Profiles' do not exist | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1 | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1 | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1 | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1 | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.3.9 Ensure 'Minimum Special Characters' is greater than or equal to 1 | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 2.1.2 - AirWatch - Enable 'Require alphanumeric value' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2 |
| 2.1.2 - MobileIron - Enable 'Require alphanumeric value' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L2 |
| 2.1.3 - AirWatch - Set the 'minimum password length' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L1 |
| 2.1.3 - MobileIron - Set the 'minimum password length' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L1 |
| 2.1.4 - AirWatch - Set the 'minimum number of character sets' - 'Lower Case' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2 |
| 2.1.4 - AirWatch - Set the 'minimum number of character sets' - 'Numbers' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2 |
| 2.1.4 - AirWatch - Set the 'minimum number of character sets' - 'Symbols' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2 |
| 2.1.4 - AirWatch - Set the 'minimum number of character sets' - 'Upper Case' | MDM | AirWatch - CIS Google Android 4 v1.0.0 L2 |
| 2.1.4 - MobileIron - Set the 'minimum number of character sets' | MDM | MobileIron - CIS Google Android 4 v1.0.0 L2 |
| 2.2.2 - AirWatch - Do Not Allow Simple Value | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L1 |
| 2.2.2 - AirWatch - Do Not Allow Simple Value | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L1 |
| 2.2.2 - MobileIron - Do Not Allow Simple Value | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L1 |
| 2.2.2 - MobileIron - Do Not Allow Simple Value | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L1 |
| 2.2.3 - AirWatch - Require alphanumeric value | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L2 |
| 2.2.3 - AirWatch - Require alphanumeric value | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L2 |
| 2.2.3 - MobileIron - Require alphanumeric value | MDM | MobileIron - CIS Apple iOS 8 v1.0.0 L2 |
| 2.2.3 - MobileIron - Require alphanumeric value | MDM | MobileIron - CIS Apple iOS 9 v1.0.0 L2 |
| 2.2.4 - AirWatch - Set minimum passcode length | MDM | AirWatch - CIS Apple iOS 8 v1.0.0 L1 |
| 2.2.4 - AirWatch - Set minimum passcode length | MDM | AirWatch - CIS Apple iOS 9 v1.0.0 L1 |
| 2.12.15 - Miscellaneous Config - 'all unlocked accounts must have a password' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 2.18 Set 'Require alphanumeric password' to 'True' | Windows | CIS Microsoft Exchange Server 2013 CAS v1.1.0 |
| 2.18 Set 'Require alphanumeric password' to 'True' | Windows | CIS Microsoft Exchange Server 2016 CAS v1.0.0 |
| 13.1 Ensure Password Fields are Not Empty | Unix | CIS Debian Linux 7 L1 v1.0.0 |
| 13.1 Ensure Password Fields are Not Empty | Unix | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 |