| Note: The CLI Access is in lockdown mode by default when being managed by ePO. Since the CLI Access can be recovered for troubleshooting, this requirement needs to be met. |
Since the Solidcore CLI does not allow for technical enforcement of password complexity the enforcement will be via this written policy directive.
Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting.
Review the written policy for CLI password complexity requirements.
Verify the policy requires the password to be 15 characters in length and contain a mix of at least one lower-case, one upper-case, one number, and one special character.
If the written policy does not document the requirement for password complexity and/or does not specify the password must be 15 characters in length and contain a mix of at least one lower-case, one upper-case, one number, and one special character, this is a finding.