The Photon operating systems must enforce a 90-day maximum password lifetime restriction.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258821	PHTN-40-000042	SV-258821r933524_rule	CCI-000199	medium
Description
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.
STIG			Date
VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide			2023-10-29

Related Frameworks

6 paths across 3 frameworks

NIST 800-531 mapping

IA-5(1)

1.00

DISA · V1R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent

NIST 800-1714 mappings

3.5.10

1.00

DISA · V1R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

3.5.7

1.00

DISA · V1R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

3.5.8

1.00

DISA · V1R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

3.5.9

1.00

DISA · V1R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

CCI1 mapping

CCI-000199

1.00

DISA · V1R1 · disa_xccdf · related

Details

Check Text (C-258821r933524_chk)

At the command line, run the following command to verify a 90-day maximum password lifetime restriction: # grep '^PASS_MAX_DAYS' /etc/login.defs If "PASS_MAX_DAYS" is not set to <= 90, is missing or commented out, this is a finding.

Fix Text (F-62470r933523_fix)

Navigate to and open: /etc/login.defs Add or update the following line: PASS_MAX_DAYS 90