Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must enforce password maximum lifetime restrictions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35321 | SRG-APP-000174-AS-000123 | SV-46608r1_rule | Medium |
| Description |
|---|
| Password maximum lifetime is defined as: the maximum period of time, (typically in days) a user's password may be in effect before the user is forced to change it. App servers have the capability to utilize LDAP, certificates (tokens), or user IDs and passwords in order to authenticate. When the AS utilizes user IDs and passwords, the AS must enforce the organization defined maximum lifetime restrictions for password changes. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43692r1_chk ) |
|---|
| Review AS documentation and configuration to determine if the AS enforces the maximum lifetime restrictions on password changes. If the AS is not configured to meet this requirement, this is a finding. |
| Fix Text (F-39868r1_fix) |
|---|
| Configure the AS maximum lifetime restriction value for passwords. |