STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must enforce password complexity by requiring that at least one numeric character be used.

DISA Rule

SV-215219r508663_rule

Vulnerability Number

V-215219

Group Title

SRG-OS-000071-GPOS-00039

Rule Version

AIX7-00-001122

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

From the command prompt, run the following command to set "mindigit=1" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a mindigit=1

For each user who has "mindigit=0" set its "mindigit" to "1" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a mindigit=1

Check Contents

From the command prompt, run the following command to check the system default "mindigit" attribute value:
# lssec -f /etc/security/user -s default -a mindigit
default mindigit=1

If the default "mindigit" value is not set, or its value is less than "1", this is a finding.

From the command prompt, run the following command to check mindigit attribute value for all accounts:
# lsuser -a mindigit ALL
root mindigit=1
user2 mindigit=2

If any user's "mindigit" value is less than "1", this is a finding.

Vulnerability Number

V-215219

Documentable

False

Rule Version

AIX7-00-001122

Severity Override Guidance

From the command prompt, run the following command to check the system default "mindigit" attribute value:
# lssec -f /etc/security/user -s default -a mindigit
default mindigit=1

If the default "mindigit" value is not set, or its value is less than "1", this is a finding.

From the command prompt, run the following command to check mindigit attribute value for all accounts:
# lsuser -a mindigit ALL
root mindigit=1
user2 mindigit=2

If any user's "mindigit" value is less than "1", this is a finding.

Check Content Reference

M

Target Key

4012

Comments