Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33277 | SRG-OS-000266-NA | SV-43696r1_rule | Medium |
Description |
---|
Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Requiring a minimum number of special characters is one way to increase the complexity of the password and make it less likely that it will be compromised. The parameter should be selected based on a risk assessment that weighs factors, such as the environments the device will be located and operational requirements for users to access data in a timely manner. Rationale for non-applicability: Given the inconvenience of entering special characters on some keyboards of mobile devices, a risk assessment determined that it would be acceptable to have device unlock passwords without special characters. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2012-10-01 |
Check Text ( C-41574r1_chk ) |
---|
This requirement is NA for the Mobile OS SRG. |
Fix Text (F-37207r1_fix) |
---|
The requirement is NA. No fix is required. |