800-53|IA-5(1)(b)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces at least the following number of changed characters when new passwords are created: [Assignment: organization-defined number];

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 - /etc/security/user - 'mindiff >= 4'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.7 - /etc/security/user - 'maxrepeats <= 2'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
7.3 Set Strong Password Creation Policies - Check MINDIFF is set to 3	Unix	CIS Solaris 10 L1 v5.2
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.	MDM	MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.	MDM	AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-18-006950 - Apple iOS/iPadOS 18 must be configured to enforce a passcode reuse prohibition of at least two generations.	MDM	AirWatch - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-006950 - Apple iOS/iPadOS 18 must be configured to enforce a passcode reuse prohibition of at least two generations.	MDM	MobileIron - DISA Apple iOS/iPadOS 18 v1r1
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Brocade - repeat characters must be set to 1	Brocade	Tenable Best Practices Brocade FabricOS
Brocade - sequential characters must be set to 2	Brocade	Tenable Best Practices Brocade FabricOS
CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco ASA NDM v2r2
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Extreme : Password Policy - char-validation	Extreme_ExtremeXOS	TNS Extreme ExtremeXOS Best Practice Audit
F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.	F5	DISA F5 BIG-IP Device Management STIG v2r3
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG AIX 6.1 v1r14
GEN000750 - The system must require at least four characters be changed between the old and new passwords during a password change.	Unix	DISA STIG AIX 5.3 v1r2
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - password-auth	Unix	DISA STIG Oracle Linux 6 v2r7
OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - system-auth	Unix	DISA STIG Oracle Linux 6 v2r7
PHTN-30-000024 - The Photon operating system must require that new passwords are at least four characters different from the old password.	Unix	DISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-67-000024 - The Photon operating system must require that new passwords are at least four characters different from the old password.	Unix	DISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-09-611060 - RHEL 9 must enforce password complexity rules for the root account.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
RHEL-09-611130 - RHEL 9 must require the change of at least four character classes when passwords are changed.	Unix	DISA Red Hat Enterprise Linux 9 STIG v2r2
SLES-15-020160 - The SUSE operating system must require the change of at least eight of the total number of characters when passwords are changed - 8 of the total number of characters when passwords are changed.	Unix	DISA SLES 15 STIG v2r2
SPLK-CL-000390 - Splunk Enterprise must prohibit password reuse for a minimum of five generations for the account of last resort.	Splunk	DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API
UBTU-18-010103 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.	Unix	DISA STIG Ubuntu 18.04 LTS v2r15
UBTU-20-010053 - The Ubuntu operating system must require the change of at least 8 characters when passwords are changed.	Unix	DISA STIG Ubuntu 20.04 LTS v2r1
UBTU-22-611040 - Ubuntu 22.04 LTS must require the change of at least eight characters when passwords are changed.	Unix	DISA STIG Canonical Ubuntu 22.04 LTS v2r2
User Authentication Security - Configure a password complexity policy - all character-sets are enforced	Juniper	Juniper Hardening JunOS 12 Devices Checklist
VCSA-80-000070 The vCenter Server must prohibit password reuse for a minimum of five generations.	VMware	DISA VMware vSphere 8.0 vCenter STIG v2r1
WN10-AC-000020 - The password history must be configured to 24 passwords remembered.	Windows	DISA Windows 10 STIG v3r2
WN11-AC-000020 - The password history must be configured to 24 passwords remembered.	Windows	DISA Windows 11 STIG v2r2
WN19-AC-000040 - Windows Server 2019 password history must be configured to 24 passwords remembered.	Windows	DISA Windows Server 2019 STIG v3r2

Detections

Analytics

800-53|IA-5(1)(b)

Title

Description

Reference Item Details

Audit Items