UCF STIG Viewer Logo

The device minimum password/passcode length must be set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25016 WIR-MOS-NS-011 SV-40113r2_rule ECWN-1 IAIA-1 Low
Description
Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD smartphones.
STIG Date
BlackBerry Playbook OS (NEA mode) Security Technical Implementation Guide (STIG) 2014-08-25

Details

Check Text ( C-39061r1_chk )
This check applies to any mobile OS device (smartphones, tablets, etc.).

Check a sample of 2-3 devices managed by the site to verify the device unlock password/passcode has been set to 8 or more alphanumeric characters. The exact procedure will vary, depending on the mobile OS.

Have the user show that a device unlock password/passcode has been set to 8 or more alphanumeric characters.

Mark as a finding if configuration is not set as required.
Fix Text (F-27687r5_fix)
Configure the mobile operating system to enforce a minimum length for the device unlock password. Where a security container application is used in lieu of mobile operating system protections, configure the security container application to enforce a minimum length password for entry into the application.