UCF STIG Viewer Logo

Maximum password age does not meet minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7962 DSN13.07 SV-8448r1_rule ECSC-1 IAIA-1 IAIA-2 Medium
Description
Requirement: The IAO will ensure that all user passwords are changed at intervals of 90 days or less. The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the passwords. Further, scheduled changing of passwords hinders the ability of unauthorized system users to crack passwords and gain access to a system.
STIG Date
Defense Switched Network STIG 2015-01-02

Details

Check Text ( C-7373r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.
Fix Text (F-7537r1_fix)
Ensure password life is no greater than 90 (180) days from the last password change.