Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4084 | GEN000800 M6 | SV-38632r1_rule | IAIA-1 IAIA-2 | Medium |
Description |
---|
If a user, or root, used the same password continuously or was allowed to change it back shortly after being forced to change it to something else, it would provide a potential intruder with the opportunity to keep guessing at the user's password until it was guessed correctly. |
STIG | Date |
---|---|
MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2013-04-09 |
Check Text ( C-37781r1_chk ) |
---|
Open a terminal session and use the following command to view the setting for password history: `sudo pwpolicy -n -getglobalpolicy | tr " " "\n" | grep usingHistory` If the value of usingHistory is less than 15, this is a finding. NOTE: If the command returns a response of "password server is not configured", the system is not managed. Use the following command for non-managed systems: `pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep usingHistory` |
Fix Text (F-33031r1_fix) |
---|
Open a terminal session and use the following command to set the value for usingHistory: `sudo pwpolicy -n -setglobalpolicy "usingHistory=15"` NOTE: For non-managed systems, use the following command: `pwpolicy -n /Local/Default -setglobalpolicy "usingHistory=15"` |
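
The check above, scripted so that a missing or non-numeric usingHistory is also reported as a finding. This is an added example, not part of the STIG; the function names are hypothetical, and it assumes the policy is printed as space-separated key=value pairs, as the `tr " " "\n"` step in the check text implies.

```shell
#!/bin/sh
# Threshold from the check text: usingHistory below 15 is a finding.
REQUIRED_HISTORY=15

# Pull the usingHistory value out of a space-separated key=value policy
# string. Prints nothing when the key is absent.
history_value() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^usingHistory=//p' | head -n 1
}

# Return 0 when the policy string satisfies the rule, 1 when it is a finding.
evaluate_policy() {
    value=$(history_value "$1")
    case "$value" in
        ''|*[!0-9]*) return 1 ;;   # key missing or not a number: finding
    esac
    [ "$value" -ge "$REQUIRED_HISTORY" ]
}

# Read the live policy: query the managed node first, and fall back to
# /Local/Default when the "password server is not configured" response
# from the NOTE appears.
read_policy() {
    out=$(pwpolicy -n -getglobalpolicy 2>&1) || true
    if printf '%s\n' "$out" | grep -qi 'password server is not configured'; then
        pwpolicy -n /Local/Default -getglobalpolicy
    else
        printf '%s\n' "$out"
    fi
}

# Touch the live system only when invoked as: sudo sh check_history.sh audit
if [ "${1:-}" = "audit" ]; then
    if evaluate_policy "$(read_policy)"; then
        echo "usingHistory >= $REQUIRED_HISTORY: not a finding"
    else
        echo "usingHistory missing or below $REQUIRED_HISTORY: finding"
        exit 1
    fi
fi
```
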