Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-252567 | ASP4-CS-040200 | SV-252567r817871_rule | Medium |
Description |
---|
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements. |
STIG | Date |
---|---|
IBM Aspera Platform 4.2 Security Technical Implementation Guide | 2022-08-24 |
Check Text ( C-56023r817869_chk ) |
---|
Verify IBM Aspera Console passwords are prohibited from reuse for a minimum of five generations: - Log in to the IBM Aspera Console web page as a user with administrative privilege. - Select the "Configuration" tab. - Select the "Defaults" tab. - Scroll down to the "Console Password Options" section. - Verify the "Password Expiration" option is checked. - Verify the "Password Reuse Limit" option is set to "5" or more. If the "Password Expiration" option is not checked, this is a finding. If the "Password Reuse Limit" is set to less than "5" or is set to "0", this is a finding. |
Fix Text (F-55973r817870_fix) |
---|
Configure IBM Aspera Console passwords to be prohibited from reuse for a minimum of five generations: - Log in to the IBM Aspera Console web page as a user with administrative privilege. - Select the "Configuration" tab. - Select the "Defaults" tab. - Scroll down to the "Console Password Options" section. - Put a check in the "Password Expiration" check box. - Edit the "Password Reuse Limit" option to "5" or more. Note: "0" disables the "Password Reuse Limit" option. - Select "Save" at the bottom of the page. |