Detections
Analytics

CCI|CCI-000195

Title

The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.86 UBTU-24-400290UnixCIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT II
1.96 UBTU-22-611040UnixCIS Ubuntu Linux 22.04 LTS STIG v1.0.0 CAT II
1.321 RHEL-09-611060UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.331 RHEL-09-611115UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.332 RHEL-09-611120UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.333 RHEL-09-611125UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
1.334 RHEL-09-611130UnixCIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II
5.4.7 Ensure minimum and maximum requirements are set for password changes - difokUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeatUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeatUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - minclassUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r2
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r2
AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed.UnixDISA STIG AIX 7.x v3r1
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.CiscoDISA STIG Cisco ASA NDM v2r2
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.CiscoDISA Cisco IOS XE Router NDM STIG v3r4
CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.CiscoDISA Cisco IOS Switch NDM STIG v3r5
ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy.VMwareDISA STIG VMware vSphere 7.0 ESXi v1r4
ESXI-80-000035 - The ESXi host must enforce password complexity by configuring a password quality policy.VMwareDISA VMware vSphere 8.0 ESXi STIG v2r3
ESXi: esxi-8.account-password-policiesVMwareVMware vSphere Security Configuration and Hardening Guide
F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.F5DISA F5 BIG-IP Device Management STIG v2r4
FGFW-ND-000311 - The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.FortiGateDISA Fortigate Firewall NDM STIG v1r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG for Oracle Linux 5 v2r1
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG Solaris 10 SPARC v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG Solaris 10 X86 v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG AIX 6.1 v1r14
GEN000750 - The system must require at least four characters be changed between the old and new passwords during a password change.UnixDISA STIG AIX 5.3 v1r2
GEN000750 - The system must require that at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
JUEX-NM-000320 - The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.JuniperDISA Juniper EX Series Network Device Management v2r3
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - All Profiles
O121-C2-014500 - The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.OracleDBDISA STIG Oracle 12c v3r4 Database