The macOS system must enforce password complexity by requiring that at least one numeric character be used.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-225205	AOSX-15-003007	SV-225205r610901_rule		Medium

Description
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.

Description

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.

STIG	Date
Apple OS X 10.15 (Catalina) Security Technical Implementation Guide	2021-11-19

Details

Check Text ( C-26904r467783_chk )
To check the currently applied policies for passwords and accounts, use the following command: /usr/sbin/system_profiler SPConfigurationProfileDataType \| /usr/bin/grep requireAlphanumeric If the return is not “requireAlphanumeric = 1”, this is a finding.

Fix Text (F-26892r467784_fix)
This setting is enforced using the "Passcode Policy" configuration profile.