Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-32999 | SRG-OS-000072-MOS-000047 | SV-43397r2_rule | | Medium |
Description |
---|
If an adversary learns part or all of a password, the adversary can use this information to more easily crack a user's subsequent passwords if the passwords do not differ significantly from one to the next. Requiring a user to change a specified minimum of characters in the password is an effective way of preserving the protection provided by password complexity in this context. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text (C-41296r2_chk) |
---|
Review the mobile operating system password complexity configuration settings to determine if the device unlock password requires an organizationally-defined minimum number of characters to be modified whenever the passcode is changed. If password complexity configuration settings do not require an organizationally-defined minimum number of characters to be changed, this is a finding. |
Fix Text (F-36911r2_fix) |
---|
Configure the mobile operating system to enforce an organizationally-defined minimum number of characters to be changed when the device unlock password is changed. |
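
The following sketch shows one way to measure "characters changed" when a password is changed. It is an added example, not part of the SRG or any vendor's implementation. The threshold `MIN_CHANGED`, the use of edit distance as the metric, and the case-insensitive comparison are assumptions. It contrasts a naive position-by-position count, which a one-character prefix inflates, with edit distance.

```python
# Added example, not from the SRG. The metric and threshold are assumptions.
MIN_CHANGED = 4  # assumed organizationally-defined minimum


def positional_changes(old: str, new: str) -> int:
    """Naive metric: positions whose character differs, plus the length difference."""
    differing = sum(1 for a, b in zip(old, new) if a != b)
    return differing + abs(len(old) - len(new))


def edit_distance(old: str, new: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes or substitutions."""
    prev = list(range(len(new) + 1))
    for i, a in enumerate(old, start=1):
        curr = [i]
        for j, b in enumerate(new, start=1):
            curr.append(min(prev[j] + 1,               # delete a
                            curr[j - 1] + 1,           # insert b
                            prev[j - 1] + (a != b)))   # substitute (or match)
        prev = curr
    return prev[-1]


def change_is_compliant(old: str, new: str, minimum: int = MIN_CHANGED) -> bool:
    """Accept the new password only if at least `minimum` edits separate it from the old."""
    # Assumption: a case flip alone should not count as a changed character,
    # so take the smaller of the case-sensitive and case-folded distances.
    strict = min(edit_distance(old, new),
                 edit_distance(old.casefold(), new.casefold()))
    return strict >= minimum


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    samples = [
        ("Summer2013!", "Summer2014!"),    # one digit incremented
        ("Summer2013!", "1Summer2013!"),   # one character prepended
        ("Summer2013!", "SUMMER2013!"),    # case flipped only
        ("Summer2013!", "Gr4nite-Lake"),   # unrelated password
    ]
    for old, new in samples:
        print(f"{new!r}: positional={positional_changes(old, new)} "
              f"edit={edit_distance(old, new)} "
              f"compliant={change_is_compliant(old, new)}")
```

The comparison needs both passwords in cleartext, so it can only run at change time, when the user supplies the current password along with the new one.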