The operating system must enforce password complexity by the number of special characters used.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33277	SRG-OS-000266-NA	SV-43696r1_rule		Medium

Description
Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Requiring a minimum number of special characters is one way to increase the complexity of the password and make it less likely that it will be compromised. The parameter should be selected based on a risk assessment that weighs factors, such as the environments the device will be located and operational requirements for users to access data in a timely manner. Rationale for non-applicability: Given the inconvenience of entering special characters on some keyboards of mobile devices, a risk assessment determined that it would be acceptable to have device unlock passwords without special characters.

Description

Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Requiring a minimum number of special characters is one way to increase the complexity of the password and make it less likely that it will be compromised. The parameter should be selected based on a risk assessment that weighs factors, such as the environments the device will be located and operational requirements for users to access data in a timely manner. Rationale for non-applicability: Given the inconvenience of entering special characters on some keyboards of mobile devices, a risk assessment determined that it would be acceptable to have device unlock passwords without special characters.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41574r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37207r1_fix)
The requirement is NA. No fix is required.