UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users must not be able to change passwords more than once every 24 hours.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38477 RHEL-06-000051 SV-50277r1_rule Medium
Description
Setting the minimum password age protects against users cycling back to a favorite password after satisfying the password reuse requirement.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2017-04-28

Details

Check Text ( None )
None
Fix Text (F-43422r1_fix)
To specify password minimum age for new accounts, edit the file "/etc/login.defs" and add or correct the following line, replacing [DAYS] appropriately:

PASS_MIN_DAYS [DAYS]

A value of 1 day is considered sufficient for many environments. The DoD requirement is 1.