Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The device minimum password/passcode length must be set.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25016 | WIR-MOS-NS-011 | SV-40113r2_rule | ECWN-1 IAIA-1 | Low |
| Description |
|---|
| Sensitive DoD data could be compromised if a device unlock password/passcode is not set to required length on DoD smartphones. |
| STIG | Date |
|---|---|
| General Mobile Device (Technical) (Non-Enterprise Activated) Security Technical Implementation Guide | 2013-07-03 |
Details
| Check Text ( C-39061r1_chk ) |
|---|
| This check applies to any mobile OS device (smartphones, tablets, etc.). Check a sample of 2-3 devices managed by the site to verify the device unlock password/passcode has been set to 8 or more alphanumeric characters. The exact procedure will vary, depending on the mobile OS. Have the user show that a device unlock password/passcode has been set to 8 or more alphanumeric characters. Mark as a finding if configuration is not set as required. |
| Fix Text (F-27687r4_fix) |
|---|
| Set the CMD minimum password/passcode length to 8 or more characters. |