UCF STIG Viewer Logo

The application server must enforce password minimum lifetime restrictions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35320 SRG-APP-000173-AS-000122 SV-46607r1_rule Medium
Description
Password minimum lifetime is defined as: the minimum period of time, (typically in days) a user's password must be in effect before the user can change it. App servers have the capability to utilize LDAP, certificates (tokens), or user IDs and passwords in order to authenticate. When the AS utilizes user IDs and passwords, the AS must enforce the organization defined minimum lifetime restrictions for password changes.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43691r1_chk )
Review AS documentation and configuration to determine if the AS enforces the minimum lifetime restrictions on password changes. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39866r1_fix)
Configure the AS minimum lifetime restriction value for passwords.