CCI|CCI-000195

Title

The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
5.4.7 Ensure minimum and maximum requirements are set for password changes - difokUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeatUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - maxrepeatUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
5.4.7 Ensure minimum and maximum requirements are set for password changes - minclassUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-706600 - Apple iOS/iPadOS 17 must be configured to not allow passwords that include more than four repeating or sequential characters.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIX7-00-001123 - AIX must require the change of at least 50% of the total number of characters when passwords are changed.UnixDISA STIG AIX 7.x v2r9
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 Low
Catalina - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed.VMwareDISA STIG VMware vSphere 6.x ESXi v1r5
ESXI-67-000031 - The ESXi host must enforce password complexity by requiring that at least one uppercase character be used.VMwareDISA STIG VMware vSphere 6.7 ESXi v1r3
ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy.VMwareDISA STIG VMware vSphere 7.0 ESXi v1r2
F5BI-DM-000119 - If multifactor authentication is not supported and passwords must be used, the BIG-IP appliance must require that when a password is changed, the characters are changed in at least eight (8) of the positions within the password.F5DISA F5 BIG-IP Device Management STIG v2r3
FGFW-ND-000311 - The FortiGate device must require that when a password is changed, the characters are changed in at least eight of the positions within the password.FortiGateDISA Fortigate Firewall NDM STIG v1r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG for Oracle Linux 5 v2r1
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG Solaris 10 SPARC v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG Solaris 10 X86 v2r4
GEN000750 - The system must require at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG AIX 6.1 v1r14
GEN000750 - The system must require at least four characters be changed between the old and new passwords during a password change.UnixDISA STIG AIX 5.3 v1r2
GEN000750 - The system must require that at least eight characters be changed between the old and new passwords during a password change.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Require a Minimum of Fifty Percent Character Change in New PasswordsUnixNIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - password-authUnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - system-authUnixDISA STIG Oracle Linux 6 v2r7
OL07-00-010160 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-010170 - The Oracle Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-010180 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-010190 - The Oracle Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.UnixDISA Oracle Linux 7 STIG v2r14
PHTN-30-000024 - The Photon operating system must require that new passwords are at least four characters different from the old password.UnixDISA STIG VMware vSphere 7.0 Photon OS v1r3
PHTN-67-000024 - The Photon operating system must require that new passwords are at least four characters different from the old password.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-06-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - password-auth.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-06-000060 - The system must require at least eight characters be changed between the old and new passwords during a password change - system-auth.UnixDISA Red Hat Enterprise Linux 6 STIG v2r2
RHEL-07-010160 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of eight of the total number of characters must be changed.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-07-010170 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed a minimum of four character classes must be changed.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-07-010180 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating consecutive characters must not be more than three characters.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15
RHEL-07-010190 - The Red Hat Enterprise Linux operating system must be configured so that when passwords are changed the number of repeating characters of the same character class must not be more than four characters.UnixDISA Red Hat Enterprise Linux 7 STIG v3r15