The device minimum password/passcode length must be set as required.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25016 | WIR-MOS-PDA-011 | SV-32705r1_rule | ECWN-1 IAIA-1 | Medium |
| Description |
|---|
| If the length of the passcode is less than the required length, brute force password attacks will take less time than they would otherwise. Successful attacks will compromise authentication credentials and potentially compromise other sensitive DoD information. |
| STIG | Date |
|---|---|
| PDA Security Technical Implementation Guide (STIG) | 2013-03-14 |
Details
| Check Text ( C-32926r1_chk ) |
|---|
| Detailed Policy Requirements: PDAs and smartphones must be protected by authenticated login procedures to unlock the device. The device password is set to eight or more characters. Check Procedures: Check a sample (3-4 devices) on site PDAs and verify unlock password is set to 8 or more characters. |
| Fix Text (F-27687r3_fix) |
|---|
| Set the CMD minimum password/passcode length to 4 or more characters. |