Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-66211 | HFFS-ND-000057 | SV-80701r1_rule | Medium |
Description |
---|
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised. |
STIG | Date |
---|---|
HP FlexFabric Switch NDM Security Technical Implementation Guide | 2020-06-03 |
Check Text ( C-66857r1_chk ) |
---|
Check to see that the HP FlexFabric Switch enforces password complexity by requiring that at least one numeric character be used. [HP] display password-control Global password control configurations: Password control: Enabled Password aging: Enabled (60 days) Password length: Enabled (15 characters) Password composition: Enabled (4 types, 1 characters per type) If the HP FlexFabric Switch or its associated authentication server does not require that at least one numeric character be used in each password, this is a finding. |
Fix Text (F-72287r1_fix) |
---|
Configure the HP FlexFabric Switch to enforce password complexity by requiring that at least one numeric character be used: [HP] password-control enable [HP] password-control composition enable [HP] password-control composition type-number 4 type-length 3 |