UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users are permitted to change their passwords at an interval of less than 24 hours without ISSO/IAO intervention.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7963 DSN13.08 SV-8449r1_rule ECSC-1 IAIA-1 IAIA-2 Medium
Description
Requirement: The IAO will ensure that NO user passwords will be changed at an interval of less than 24 hours without IAO intervention. Permitting passwords to be changed in immediate succession within the same day, allows users to cycle password through their history database. This enables users to effectively negate the purpose of mandating periodic password changes.
STIG Date
Defense Switched Network (DSN) STIG 2015-06-30

Details

Check Text ( C-7372r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.
Fix Text (F-7538r1_fix)
Eensure that user passwords are not allowed to be changed for at least 24 hours after change operation.