Password reuse is not set to 8 or greater.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7964	DSN13.09	SV-8450r1_rule	ECSC-1 IAIA-1 IAIA-2	Low

Description
Requirement: The IAO will ensure that user passwords are not reused within eight of the previous passwords used. As a minimum. A system is more vulnerable to unauthorized access when system users recycle the same password several times without being required to change a password to a unique password on a regularly scheduled basis. This enables users to effectively negate the purpose of mandating periodic password changes.

Description

Requirement: The IAO will ensure that user passwords are not reused within eight of the previous passwords used. As a minimum. A system is more vulnerable to unauthorized access when system users recycle the same password several times without being required to change a password to a unique password on a regularly scheduled basis. This enables users to effectively negate the purpose of mandating periodic password changes.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7378r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices.

Fix Text (F-7539r1_fix)
Ensure password uniqueness is set to remember 8 passwords.