
Users must not be able to change passwords more than once every 24 hours.


Overview

Finding ID: V-38477
Version: RHEL-06-000051
Rule ID: SV-50277r1_rule
IA Controls:
Severity: Medium
Description
Setting the minimum password age protects against users cycling back to a favorite password after satisfying the password reuse requirement.
STIG: Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Date: 2016-12-16

Details

Check Text (C-46032r1_chk)
To check the minimum password age, run the command:

$ grep PASS_MIN_DAYS /etc/login.defs

The DoD requirement is 1.
If it is not set to the required value, this is a finding.
Fix Text (F-43422r1_fix)
To specify password minimum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

PASS_MIN_DAYS [DAYS]

A value of 1 day is considered sufficient for many environments. The DoD requirement is 1.
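
The grep in the check text also matches commented-out lines, and the fix text applies to new accounts only. The following added example (not part of the STIG text) reads the active PASS_MIN_DAYS value and goes beyond the check by listing existing accounts whose minimum age, field 4 of a shadow-format file, is below the requirement. The function names, the sample data and the choice to accept values above 1 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the STIG text. File paths are parameters so the
# functions can be pointed at copies of the real files.

# Print the active PASS_MIN_DAYS value from a login.defs-style file.
# Commented-out lines are ignored; if the key appears more than once, the
# last occurrence is reported (assumption of this example).
pass_min_days() {
    awk '$1 == "PASS_MIN_DAYS" { v = $2 } END { if (v != "") print v }' "$1"
}

# Return 0 when the active value is a plain number >= required (default 1).
# Accepting values above the requirement is an assumption of this example.
check_login_defs() {
    val=$(pass_min_days "$1")
    case "$val" in
        ''|*[!0-9]*) return 1 ;;   # unset, or not a plain number
    esac
    [ "$val" -ge "${2:-1}" ]
}

# Print accounts in a shadow-format file that have a password hash but a
# minimum age (field 4) that is empty or below the requirement.
# Entries with an empty, "!" or "*" password field are skipped.
accounts_below_min_age() {
    awk -F: -v req="${2:-1}" '
        $2 != "" && $2 !~ /^[!*]/ && ($4 == "" || $4 + 0 < req) { print $1 }
    ' "$1"
}

# Constructed sample data, for demonstration only.
demo_dir=$(mktemp -d)
cat > "$demo_dir/login.defs" <<'EOF'
#PASS_MIN_DAYS 7
PASS_MAX_DAYS 60
PASS_MIN_DAYS 0
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$6$constructed$hash:17000:1:60:7:::
alice:$6$constructed$hash:17000:0:60:7:::
bob:$6$constructed$hash:17000::60:7:::
daemon:*:17000:0:99999:7:::
EOF

check_login_defs "$demo_dir/login.defs" ||
    echo "finding: PASS_MIN_DAYS is $(pass_min_days "$demo_dir/login.defs")"
accounts_below_min_age "$demo_dir/shadow"
```

On the constructed data this reports a finding for PASS_MIN_DAYS and lists alice and bob.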