UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AIX must enforce a minimum 15-character password length.


Overview

Finding ID Version Rule ID IA Controls Severity
V-91317 AIX7-00-001129 SV-101415r1_rule High
Description
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2020-02-24

Details

Check Text ( C-90471r1_chk )
From the command prompt, run the following command to check the system default "minlen" attribute value:
# lssec -f /etc/security/user -s default -a minlen
default minlen=15

If the default "minlen" value is not set, or its value is less than "15", this is a finding.

From the command prompt, run the following command to check "minlen" attribute value for all accounts:
# lsuser -a minlen ALL
root minlen=15
user1 minlen=20
user2 minlen=15
user3 minlen=15

If any users have "minlen" value less than "15", this is a finding.
Fix Text (F-97515r1_fix)
From the command prompt, run the following command to set "minlen=15" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a minlen=15

For each user who has "minlen" value less than "15", set its "minlen" to "15" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a minlen=15