The operating system must enforce the number of characters changed when passwords are changed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-28885 | SRG-OS-000072 | SV-36876r1_rule | Medium |
| Description |
|---|
| Passwords need to be changed at specific policy based intervals. If the operating system allows the user to consecutively reuse extensive portions of their password when they change their password, the end result is a password that may be compromised if the old password was known or guessable. |
| STIG | Date |
|---|---|
| Operating System Security Requirements Guide | 2013-03-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |