Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-35320 | SRG-APP-000173-AS-000122 | SV-46607r1_rule | Medium |
Description |
---|
Password minimum lifetime is defined as: the minimum period of time, (typically in days) a user's password must be in effect before the user can change it. App servers have the capability to utilize LDAP, certificates (tokens), or user IDs and passwords in order to authenticate. When the AS utilizes user IDs and passwords, the AS must enforce the organization defined minimum lifetime restrictions for password changes. |
STIG | Date |
---|---|
Application Server Security Requirements Guide | 2013-01-08 |
Check Text ( C-43691r1_chk ) |
---|
Review AS documentation and configuration to determine if the AS enforces the minimum lifetime restrictions on password changes. If the AS is not configured to meet this requirement, this is a finding. |
Fix Text (F-39866r1_fix) |
---|
Configure the AS minimum lifetime restriction value for passwords. |