UCF STIG Viewer Logo

The device minimum password/passcode length must be set.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25016 WIR-MOS-NS-011 SV-40113r2_rule ECWN-1 IAIA-1 Low
Description
Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD smartphones.
STIG Date
General Mobile Device (Technical) (Non-Enterprise Activated) Security Technical Implementation Guide 2013-03-19

Details

Check Text ( C-39061r1_chk )
This check applies to any mobile OS device (smartphones, tablets, etc.).

Check a sample of 2-3 devices managed by the site to verify the device unlock password/passcode has been set to 8 or more alphanumeric characters. The exact procedure will vary, depending on the mobile OS.

Have the user show that a device unlock password/passcode has been set to 8 or more alphanumeric characters.

Mark as a finding if configuration is not set as required.
Fix Text (F-27687r3_fix)
Set the CMD minimum password/passcode length to 4 or more characters.