UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must require that passwords contain a minimum of 15 characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-11947 GEN000580 SV-27111r4_rule Medium
Description
The use of longer passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques by increasing the password search space.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2016-07-22

Details

Check Text ( None )
None
Fix Text (F-24374r5_fix)
For Trusted Mode:
Use the SAM/SMH interface to set the system password length attribute “MIN_PASSWORD_LENGTH” to 15 or greater.

For SMSE:
Note: There may be additional package/bundle updates that must be installed to support attributes in the /etc/default/security file.

Install the additional LongPassword11i3 and PHI11i3 product bundles where/as required. Use the SAM/SMH interface (/etc/default/security file) and/or the userdbset command (/var/adm/userdb/* files) to update the attribute(s). See the below example(s):
CRYPT_ALGORITHMS_DEPRECATE=__unix__
CRYPT_DEFAULT=6
LONG_PASSWORD=1
MIN_PASSWORD_LENGTH=15

Note: The MIN_PASSWORD_LENGTH attribute must be set equal to or greater than 15.
If the "vi" editor was used to update the /etc/default/security file, save the file before exiting the editor.