800-53|IA-5(1)(d)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.8 Set 'Minimum password age' to '1 or more day(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.1.9 Set 'Maximum password age' to '60 or fewer days'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2 - /etc/security/user - 'minage >= 1'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.3 - /etc/security/user - 'maxage <= 13' but not 0	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.3.5.4 Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.10 - /etc/security/user - 'maxexpired <= 2'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - f) The validity period of an account can be configured	ZTE_ROSNG	Tenable ZTE ROSNG
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	AirWatch - CIS Google Android 7 v1.0.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to Enabled	MDM	AirWatch - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to Enabled	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
2.1.7 - AirWatch - Set the 'number of days' for 'maximum password age'	MDM	AirWatch - CIS Google Android 4 v1.0.0 L2
2.1.7 - MobileIron - Set the 'number of days' for 'maximum password age'	MDM	MobileIron - CIS Google Android 4 v1.0.0 L2
2.4 Password Security - 'maximum password age <= 90'	NetApp	TNS NetApp Data ONTAP 7G
2.4 Password Security - 'minimum password age >= 1'	NetApp	TNS NetApp Data ONTAP 7G
2.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'	MDM	MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1
2.8 Set 'Password Expiration' to '90' or less	Windows	CIS Microsoft Exchange Server 2016 CAS v1.0.0
2.8 Set 'Password Expiration' to '90' or less	Windows	CIS Microsoft Exchange Server 2013 CAS v1.1.0
3.4 - Login and Password Parameters - Password Expiration Time <=90 days	Netapp_API	NetApp Security Hardening Guide for ONTAP 9 v1.7.0
3.4 - Login and Password Parameters - Password expiration warning	Netapp_API	NetApp Security Hardening Guide for ONTAP 9 v1.7.0
3.4.4 Ensure 'Maximum grace period for device lock' is set to 'Immediately'	MDM	MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1
4.2 Ensure the vpxuser account's password is automatically changed every 10 or fewer days	VMware	CIS VMware ESXi 5.1 v1.0.1 Level 1
4.011 - Maximum password age does not meet minimum requirements.	Windows	DISA Windows Vista STIG v6r41
4.012 - Minimum password age does not meet minimum requirements.	Windows	DISA Windows Vista STIG v6r41
4.026 - To the extent system capabilities permit, system mechanisms are not implemented to enforce automatic expiration of passwords.	Windows	DISA Windows Vista STIG v6r41
5.2.7 Password Age	Unix	CIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.2.7 Password Age	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.2.8 Password History	Unix	CIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.2.8 Password History	Unix	CIS Apple OSX 10.10 Yosemite L1 v1.2.0
5.4.1.1 Ensure password expiration is 90 days or less - login.defs	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.4.1.1 Ensure password expiration is 90 days or less - login.defs	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4.1.1 Ensure password expiration is 90 days or less - users	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.4.1.1 Ensure password expiration is 90 days or less - users	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs	Unix	CIS Amazon Linux v2.1.0 L1
5.4.1.2 Ensure minimum days between password changes is 7 or more - users	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.4.1.2 Ensure minimum days between password changes is 7 or more - users	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4.1.2 Ensure minimum days between password changes is 7 or more - users	Unix	CIS Amazon Linux v2.1.0 L1
5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs	Unix	CIS Amazon Linux v2.1.0 L1
5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.4.1.3 Ensure password expiration warning days is 7 or more - users	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.4.1.3 Ensure password expiration warning days is 7 or more - users	Unix	CIS Amazon Linux v2.1.0 L1
10.1.1 Set Password Expiration Days	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.1 Set Password Expiration Days	Unix	CIS Debian Linux 7 L1 v1.0.0
10.1.2 Set Password Change Minimum Number of Days	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.2 Set Password Change Minimum Number of Days	Unix	CIS Debian Linux 7 L1 v1.0.0
10.1.3 Set Password Expiring Warning Days	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.3 Set Password Expiring Warning Days	Unix	CIS Debian Linux 7 L1 v1.0.0

Detections

Analytics

800-53|IA-5(1)(d)

Title

Description

Reference Item Details

Audit Items