The Palo Alto Networks security platform must not use Password Profiles.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-228675 | PANW-NM-000142 | SV-228675r961863_rule | CCI-000366 | medium |
| Description | ||||
| Password profiles override settings made in the Minimum Password Complexity window. If Password Profiles are used they can bypass password complexity requirements. | ||||
| STIG | Date | |||
| Palo Alto Networks NDM Security Technical Implementation Guide | 2025-03-12 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V3R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V3R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V3R3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V3R3 · disa_xccdf · related
Details
Check Text (C-228675r961863_chk)
Go to Device >> Password Profiles
If there are configured Password Profiles, this is a finding.
Fix Text (F-30887r513629_fix)
Go to Device >> Password Profiles
If the screen is blank (no configured Password Profiles), do nothing.
If there are configured Password Profiles, identify which accounts are using them and bring this to the attention of the ISSO immediately.
Delete the Password Profiles when authorized to make changes to the device in accordance with local change management policies.