
The mobile operating system must disallow more than an organizationally-defined quantity of sequential numbers (e.g., 456) in the device unlock password.


Overview

Finding ID: V-33290
Version: SRG-OS-999999-MOS-000133
Rule ID: SV-43709r2_rule
IA Controls: (none listed)
Severity: Medium
Description
Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Passwords with sequential numbers (e.g., 456 or 987) are considered easier to crack than random patterns. Therefore, disallowing sequential numbers makes it more difficult for an adversary to discover the password.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text (C-41587r2_chk)
Review the mobile operating system password complexity configuration settings to determine if the device unlock password disallows more than an organizationally-defined quantity of sequential numbers (e.g., 456). If password complexity configuration settings do not require the device unlock password to disallow more than the organizationally-defined quantity of sequential numbers, this is a finding.
Fix Text (F-37220r2_fix)
Configure the mobile operating system to disallow more than an organizationally-defined quantity of sequential numbers in the device unlock password.
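
The rule described above can be expressed as a check on the longest run of digits that step by exactly +1 or -1 (456, 987). The following is an added illustration, not part of the SRG and not any mobile operating system's own mechanism; the function names, the threshold value of 2, and the choice not to treat 9-to-0 wrap-around as sequential are assumptions.

```python
DIGITS = "0123456789"

# Assumed organizationally-defined limit: runs longer than this are rejected.
MAX_SEQUENTIAL = 2


def longest_sequential_run(password: str) -> int:
    """Return the length of the longest run of digits stepping by +1 or -1."""
    best = run = 0
    step = 0          # direction of the current run: +1, -1, or 0 if none yet
    prev = None       # previous digit value, or None after a non-digit
    for ch in password:
        if ch not in DIGITS:
            # Any non-digit character breaks the run.
            prev, run, step = None, 0, 0
            continue
        d = int(ch)
        diff = d - prev if prev is not None else 0
        if diff in (1, -1):
            if diff == step:
                run += 1                  # run continues in the same direction
            else:
                run, step = 2, diff       # new run starting at the previous digit
        else:
            run, step = 1, 0              # isolated digit starts a fresh run
        best = max(best, run)
        prev = d
    return best


def violates_policy(password: str, max_run: int = MAX_SEQUENTIAL) -> bool:
    """True if the password has more sequential digits than the limit allows."""
    return longest_sequential_run(password) > max_run


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["x456y", "9870", "1212", "7a8b9", "2580"]:
        verdict = "reject" if violates_policy(candidate) else "accept"
        print(f"{candidate!r}: longest run {longest_sequential_run(candidate)} -> {verdict}")
```
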