Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25238 | OSX00040 M6 | SV-37177r1_rule | IAIA-1 IAIA-2 | Medium |
Description |
---|
Configure the local system to verify that newly created passwords do not contain the user's account name or parts of the user's full name exceeding two consecutive characters. |
STIG | Date |
---|---|
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Check Text (C-35881r1_chk) |
---|
Open a terminal session and use the following command to view the setting for "password cannot be name": `sudo pwpolicy -n -getglobalpolicy | tr " " "\n" | grep passwordCannotBeName` If the value of "passwordCannotBeName" is not equal to "1", this is a finding. NOTE: If the command returns a response of "password server is not configured", the system is not managed. Use the following command for non-managed systems: `pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep passwordCannotBeName` If the value of "passwordCannotBeName" is not equal to "1", this is a finding. |
Fix Text (F-31136r1_fix) |
---|
Open a terminal session and use the following command to set the value for "password cannot be name": `sudo pwpolicy -n -setglobalpolicy "passwordCannotBeName=1"` NOTE: For non-managed systems, use the following command: `pwpolicy -n /Local/Default -setglobalpolicy "passwordCannotBeName=1"` |
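
The Check Text procedure above, scripted as an added example (not part of the STIG): it matches the `passwordCannotBeName` key exactly instead of by substring and falls back to `/Local/Default` when the password server is not configured. The function names, the return codes, the sample policy strings, and the treatment of a missing key as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example, not STIG text. Classifies the output of
# `pwpolicy -n ... -getglobalpolicy` passed as $1.
# Returns: 0 = compliant, 1 = finding, 2 = password server not configured.
classify_policy() {
    policy=$1
    case $policy in
        *"password server is not configured"*) return 2 ;;
    esac
    # Split the space-separated key=value pairs one per line, then compare
    # the key exactly so a longer key containing the name cannot match.
    value=$(printf '%s\n' "$policy" | tr ' ' '\n' |
            awk -F= '$1 == "passwordCannotBeName" { v = $2 } END { print v }')
    # Assumption: a missing key is "not equal to 1" and therefore a finding.
    [ "$value" = "1" ]
}

# Run the managed check first, then the non-managed one, as in the Check Text.
audit_host() {
    out=$(sudo pwpolicy -n -getglobalpolicy 2>&1) || true
    rc=0
    classify_policy "$out" || rc=$?
    if [ "$rc" -eq 2 ]; then
        out=$(pwpolicy -n /Local/Default -getglobalpolicy 2>&1) || true
        rc=0
        classify_policy "$out" || rc=$?
    fi
    return "$rc"
}

# Constructed sample outputs for offline testing (not captured from a host).
SAMPLE_OK='usingHistory=0 minChars=8 passwordCannotBeName=1 requiresAlpha=0'
SAMPLE_BAD='usingHistory=0 minChars=8 passwordCannotBeName=0 requiresAlpha=0'
SAMPLE_MISSING='usingHistory=0 minChars=8 requiresAlpha=0'
SAMPLE_UNMANAGED='password server is not configured'
```

On a Mac OS X 10.6 host, call `audit_host`; any non-zero exit status means the check did not pass.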