800-53|IA-5(1)(b)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces at least the following number of changed characters when new passwords are created: [Assignment: organization-defined number];

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.1 - /etc/security/user - 'mindiff >= 4' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 1.1.7 - /etc/security/user - 'maxrepeats <= 2' | Unix | CIS AIX 5.3/6.1 L1 v1.1.0 |
| 1.3.11 Ensure 'New Password Differs By Characters' is greater than or equal to 3 | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 |
| 1.3.11 Ensure 'New Password Differs by Characters' is greater than or equal to 3 | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 |
| 5.3.5 Ensure minimum and maximum requirements are set for password changes - difok | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| 5.3.5 Ensure minimum and maximum requirements are set for password changes - minclass | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3 |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - minclass | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | Unix | CIS Solaris 11.2 L1 v1.1.0 |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | Unix | CIS Solaris 11.1 L1 v1.0.0 |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | Unix | CIS Solaris 11 L1 v1.1.0 |
| 7.3 Set Strong Password Creation Policies - Check MINDIFF is set to 3 | Unix | CIS Solaris 10 L1 v5.2 |
| AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters. | MDM | MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1 |
| AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters. | MDM | AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1 |
| AIOS-18-006950 - Apple iOS/iPadOS 18 must be configured to enforce a passcode reuse prohibition of at least two generations. | MDM | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 |
| AIOS-18-006950 - Apple iOS/iPadOS 18 must be configured to enforce a passcode reuse prohibition of at least two generations. | MDM | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 |
| AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed. | Unix | DISA STIG AIX 7.x v3r1 |
| Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-171 |
| Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate |
| Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 Low |
| Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Big Sur v1.4.0 - CNSSI 1253 |
| Brocade - repeat characters must be set to 1 | Brocade | Tenable Best Practices Brocade FabricOS |
| Brocade - sequential characters must be set to 2 | Brocade | Tenable Best Practices Brocade FabricOS |
| CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Cisco | DISA STIG Cisco ASA NDM v2r2 |
| Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate |
| Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-171 |
| Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Catalina v1.5.0 - CNSSI 1253 |
| Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 Low |
| Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High |
| CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Cisco | DISA STIG Cisco IOS XE Router NDM v3r2 |
| CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Cisco | DISA STIG Cisco IOS Switch NDM v3r2 |
| ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed. | VMware | DISA STIG VMware vSphere 6.x ESXi v1r5 |
| ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used. | VMware | DISA STIG VMware vSphere 6.7 ESXi v1r3 |
| ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy. | VMware | DISA STIG VMware vSphere 7.0 ESXi v1r2 |
| ESXI-80-000043 The ESXi host must prohibit password reuse for a minimum of five generations. | VMware | DISA VMware vSphere 8.0 ESXi STIG v2r1 |
| Extreme : Password Policy - char-validation | Extreme_ExtremeXOS | TNS Extreme ExtremeXOS Best Practice Audit |
| F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password. | F5 | DISA F5 BIG-IP Device Management STIG v2r3 |
| FGFW-ND-000311 - The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | FortiGate | DISA Fortigate Firewall NDM STIG v1r4 |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | Unix | DISA STIG Solaris 10 SPARC v2r4 |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | Unix | DISA STIG Solaris 10 X86 v2r4 |
| GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change. | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN000750 - The system must require at least four characters be changed between the old and new passwords during a password change. | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN000750 - The system must require that at least eight characters be changed between the old and new passwords during a password change. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| JUEX-NM-000320 - The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | Juniper | DISA Juniper EX Series Network Device Management v2r2 |