Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33004 | SRG-OS-000077-MOS-000051 | SV-43402r2_rule | Low |
Description |
---|
Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Remembering a specified number of prior device unlock passwords enables the operating system from permitting those passwords to be reused, which increases the resistance against password attacks. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text ( C-41301r2_chk ) |
---|
Review the mobile operating system configuration for prohibiting a user from reusing any of the last five previously used device unlock passwords. If the mobile operating system allows a user from reusing an organizationally-defined number of previously used device unlock passwords, this is a finding. |
Fix Text (F-36916r2_fix) |
---|
Configure the mobile operating system to prohibit a user from reusing an organizationally-defined number of previously used device unlock passwords. |