UCF STIG Viewer Logo

The application server must enforce password maximum lifetime restrictions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35321 SRG-APP-000174-AS-000123 SV-46608r1_rule Medium
Description
Password maximum lifetime is defined as: the maximum period of time, (typically in days) a user's password may be in effect before the user is forced to change it. App servers have the capability to utilize LDAP, certificates (tokens), or user IDs and passwords in order to authenticate. When the AS utilizes user IDs and passwords, the AS must enforce the organization defined maximum lifetime restrictions for password changes.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43692r1_chk )
Review AS documentation and configuration to determine if the AS enforces the maximum lifetime restrictions on password changes. If the AS is not configured to meet this requirement, this is a finding.
Fix Text (F-39868r1_fix)
Configure the AS maximum lifetime restriction value for passwords.