CCI|CCI-000195

Title

The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
5.4.7 Ensure minimum and maximum requirements are set for password changes - difok	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeat	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - minclass	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.	MDM	MobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.	MDM	AirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed.	Unix	DISA STIG AIX 7.x v3r1
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
CASA-ND-000580 - The Cisco ASA must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco ASA NDM v2r2
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-171
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
CISC-ND-000610 - The Cisco router must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco IOS XE Router NDM v3r2
CISC-ND-000610 - The Cisco switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Cisco	DISA STIG Cisco IOS Switch NDM v3r2
ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed.	VMware	DISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used.	VMware	DISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy.	VMware	DISA STIG VMware vSphere 7.0 ESXi v1r2
F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.	F5	DISA F5 BIG-IP Device Management STIG v2r3
FGFW-ND-000311 - The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.	FortiGate	DISA Fortigate Firewall NDM STIG v1r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG AIX 6.1 v1r14
GEN000750 - The system must require at least four characters be changed between the old and new passwords during a password change.	Unix	DISA STIG AIX 5.3 v1r2
GEN000750 - The system must require that at least eight characters be changed between the old and new passwords during a password change.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
JUEX-NM-000320 - The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password.	Juniper	DISA Juniper EX Series Network Device Management v2r2
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Require a Minimum of Fifty Percent Character Change in New Passwords	Unix	NIST macOS Monterey v1.0.0 - All Profiles
O121-C2-014500 - The DBMS must support organizational requirements to enforce the number of characters that get changed when passwords are changed.	OracleDB	DISA STIG Oracle 12c v3r2 Database
OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - password-auth	Unix	DISA STIG Oracle Linux 6 v2r7
OL07-00-010160 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.	Unix	DISA Oracle Linux 7 STIG v3r1
OL07-00-010170 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.	Unix	DISA Oracle Linux 7 STIG v3r1
OL07-00-010180 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.	Unix	DISA Oracle Linux 7 STIG v3r1
OL07-00-010190 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.	Unix	DISA Oracle Linux 7 STIG v3r1
OL08-00-020140 - OL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.	Unix	DISA Oracle Linux 8 STIG v2r2
OL08-00-020150 - OL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.	Unix	DISA Oracle Linux 8 STIG v2r2
OL08-00-020160 - OL 8 must require the change of at least four character classes when passwords are changed.	Unix	DISA Oracle Linux 8 STIG v2r2
OL08-00-020170 - OL 8 must require the change of at least eight characters when passwords are changed.	Unix	DISA Oracle Linux 8 STIG v2r2

Detections

Analytics

CCI|CCI-000195

Title

Reference Item Details

Audit Items