
The system is not configured to disable a user's account after three notifications of password expiration.


Overview

Finding ID: V-7969
Version: DSN13.13
Rule ID: SV-8455r1_rule
IA Controls: ECSC-1, IAIA-1, IAIA-2
Severity: Medium
Description
Requirement: The IAO will ensure that users are prompted by the system three times to change their passwords before or after the password has reached the maximum password lifetime. If the user fails to change their password, their account will be disabled. The user should be notified three times after their password has expired. If the user does not change their password after three notifications, the system should disable the account and require intervention by the ISSO/IAO or other designated individual to reactivate the account. This measure ensures that all users comply with mandatory password changes.
STIG: Defense Switched Network STIG
Date: 2015-01-02

Details

Check Text (C-4162r1_chk)
>TABLE OFCENG; EXPIRED_PASSWORD_GRACE = 3
Fix Text (F-7544r1_fix)
Ensure the DSN component is configured to disable a user account after the user has received three notifications of password expiration.