800-53|IA-5(1)(e)

Title

PASSWORD-BASED AUTHENTICATION

Description

Prohibits password reuse for [Assignment: organization-defined number] generations; and

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Family: IDENTIFICATION AND AUTHENTICATION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
1.1.1 Ensure 'Enforce password history' is set to '24 or more password(s)'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.1.5 Set 'Enforce password history' to '24 or more password(s)'WindowsCIS Windows 8 L1 v1.0.0
1.1.8 - /etc/security/user - 'histexpire >= 13'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.1.9 - /etc/security/user - 'histsize >= 20'UnixCIS AIX 5.3/6.1 L1 v1.1.0
1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enableZTE_ROSNGTenable ZTE ROSNG
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-checkingCheckPointCIS Check Point Firewall L1 v1.1.0
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-lengthCheckPointCIS Check Point Firewall L1 v1.1.0
2.1.8 - AirWatch - Set the 'number of passwords' for 'password history'MDMAirWatch - CIS Google Android 4 v1.0.0 L2
2.1.8 - MobileIron - Set the 'number of passwords' for 'password history'MDMMobileIron - CIS Google Android 4 v1.0.0 L2
2.4 Password Security - 'security.passwd.rules.history = 6'NetAppTNS NetApp Data ONTAP 7G
2.7 Set 'Enforce Password History' to '4' or greaterWindowsCIS Microsoft Exchange Server 2016 CAS v1.0.0
2.7 Set 'Enforce Password History' to '4' or greaterWindowsCIS Microsoft Exchange Server 2013 CAS v1.1.0
3.4 - Login and Password Parameters - Passwords Disallow Reuse >= 6Netapp_APINetApp Security Hardening Guide for ONTAP 9 v1.7.0
3.4 Ensure 'PASSWORD_REUSE_MAX' Is Greater than or Equal to '20'OracleDBCIS Oracle Server 11g R2 DB v2.2.0
3.5 Ensure 'PASSWORD_REUSE_TIME' Is Greater than or Equal to '365'OracleDBCIS Oracle Server 11g R2 DB v2.2.0
4.014 - The password history must be configured to 24 passwords remembered.WindowsDISA Windows Vista STIG v6r41
5.2.2 Ensure password reuse is limitedUnixCIS Google Container-Optimized OS v1.2.0 L2 Server
5.3.3 Ensure password reuse is limitedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
5.3.3 Ensure password reuse is limitedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
5.3.3 Ensure password reuse is limited - password-authUnixCIS Amazon Linux v2.1.0 L1
5.3.3 Ensure password reuse is limited - system-authUnixCIS Amazon Linux v2.1.0 L1
5.3.12 Ensure password prohibited reuse is at a minumum '5'UnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.4.11 Ensure password prohibited reuse is at a minimum 5UnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
7.2 Set Strong Password Creation Policies - HISTORY = 10UnixCIS Solaris 11.2 L1 v1.1.0
7.2 Set Strong Password Creation Policies - HISTORY = 10UnixCIS Solaris 11 L1 v1.1.0
7.2 Set Strong Password Creation Policies - HISTORY = 10UnixCIS Solaris 11.1 L1 v1.0.0
7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10UnixCIS Solaris 10 L1 v5.2
9.2.3 Limit Password ReuseUnixCIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0
9.2.3 Limit Password ReuseUnixCIS Debian Linux 7 L1 v1.0.0
AIOS-17-706950 - Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-706950 - Apple iOS/iPadOS 17 must be configured to enforce a passcode reuse prohibition of at least two generations.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIX7-00-001127 - AIX must prohibit password reuse for a minimum of five generations.UnixDISA STIG AIX 7.x v2r9
Android Compliance Policy - Number of previous passwords to prevent reusemicrosoft_azureTenable Best Practices for Microsoft Intune Android v1.0
AOSX-13-002090 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple Mac OSX 10.13 v2r5
AOSX-14-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple Mac OSX 10.14 v2r6
AOSX-15-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple Mac OSX 10.15 v1r10
APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple macOS 11 v1r5
APPL-11-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple macOS 11 v1r8
APPL-12-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple macOS 12 v1r9
APPL-13-003009 - The macOS system must prohibit password reuse for a minimum of five generations.UnixDISA STIG Apple macOS 13 v1r4
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Prohibit Password Reuse for a Minimum of Five GenerationsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low