Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72659 | VROM-CS-000135 | SV-87291r1_rule | High |
Description |
---|
Native DBMS authentication may be used only when circumstances make it unavoidable. In such cases, the DoD standards for password complexity and lifetime must be implemented. The rules must be enforced using available configuration parameters or custom code. |
STIG | Date |
---|---|
vRealize - Cassandra Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-72815r1_chk ) |
---|
Review the Cassandra database configuration to ensure the DoD standards for password complexity and lifetime are enforced. Review the DBMS settings relating to password complexity. Determine whether the following rules are enforced. If any are not, this is a finding. a. minimum of 15 characters, including at least one of each of the following character sets: - Upper-case - Lower-case - Numeric - Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <) b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding. c. Password lifetime limits: Minimum 24 hours, maximum 60 days d. Number of password changes before an old one may be reused: Minimum of five |
Fix Text (F-79063r2_fix) |
---|
Configure the Cassandra database to enforce the DoD standards for password complexity and lifetime. Use configuration parameters and/or custom code to enforce the following rules for passwords: a. minimum of 15 characters, including at least one of each of the following character sets: - Upper-case - Lower-case - Numeric - Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <) b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight c. Password lifetime limits: Minimum 24 hours, maximum 60 days d. Number of password changes before an old one may be reused: Minimum of five |