800-53|IA-5(1)(d)

Title

PASSWORD-BASED AUTHENTICATION

Description

Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1.8 Set 'Minimum password age' to '1 or more day(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.1.9 Set 'Maximum password age' to '60 or fewer days'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2 - /etc/security/user - 'minage >= 1'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 - /etc/security/user - 'maxage <= 13' but not 0	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.3 Ensure 'Minimum password age' is set to '1 or more day(s)'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
1.1.3.5.4 Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)'	Windows	CIS Windows 8 L1 v1.0.0
1.1.10 - /etc/security/user - 'maxexpired <= 2'	Unix	CIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - f) The validity period of an account can be configured	ZTE_ROSNG	Tenable ZTE ROSNG
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.4 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	AirWatch - CIS Google Android 7 v1.0.0 L1
1.4 Ensure 'Automatically Lock' is set to 'Immediately'	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to 'Enabled'	MDM	AirWatch - CIS Google Android v1.3.0 L1
1.5 Ensure 'Power button instantly locks' is set to 'Enabled'	MDM	MobileIron - CIS Google Android v1.3.0 L1
1.5 Ensure 'Power button instantly locks' is set to Enabled	MDM	AirWatch - CIS Google Android 7 v1.0.0 L1
1.5 Ensure 'Power button instantly locks' is set to Enabled	MDM	MobileIron - CIS Google Android 7 v1.0.0 L1
1.5 Ensure Password Expiration is set to 90 days	CheckPoint	CIS Check Point Firewall L1 v1.1.0
1.8 Set a system-wide password expiration	SybaseDB	CIS Sybase 15.0 L2 DB v1.1.0
2.1.7 - AirWatch - Set the 'number of days' for 'maximum password age'	MDM	AirWatch - CIS Google Android 4 v1.0.0 L2
2.1.7 - MobileIron - Set the 'number of days' for 'maximum password age'	MDM	MobileIron - CIS Google Android 4 v1.0.0 L2
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG MS
2.3.6.5 (L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'	Windows	CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 DC
10.1.1 Set Password Expiration Days	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.1 Set Password Expiration Days	Unix	CIS Debian Linux 7 L1 v1.0.0
10.1.2 Set Password Change Minimum Number of Days	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.2 Set Password Change Minimum Number of Days	Unix	CIS Debian Linux 7 L1 v1.0.0
10.1.3 Set Password Expiring Warning Days	Unix	CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
10.1.3 Set Password Expiring Warning Days	Unix	CIS Debian Linux 7 L1 v1.0.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.9.25.2 (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1

Detections

Analytics

800-53|IA-5(1)(d)

Title

Description

Reference Item Details

Audit Items