STIGQter: STIG Summary: Palo Alto Networks NDM Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 24 Jan 2020:

If multifactor authentication is not available and passwords must be used, the Palo Alto Networks security platform must require that when a password is changed, the characters are changed in at least 8 of the positions within the password.

DISA Rule

SV-77225r1_rule

Vulnerability Number

V-62735

Group Title

SRG-APP-000170-NDM-000329

Rule Version

PANW-NM-000059

Severity

CAT II

CCI(s)

• CCI-000195 - The information system, for password-based authentication, when new passwords are created, enforces that at least an organization-defined number of characters are changed.

Weight

10

Fix Recommendation

Go to Device >> Setup >> Management
In the "Minimum Password Complexity" window, select the "Edit" icon (the gear symbol in the upper-right corner of the pane).
In the "New Password Differs by Characters" field, enter "8".
Check the "Enabled box", then select "OK".
Commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.

Check Contents

Go to Device >> Setup >> Management
View the "Minimum Password Complexity" window.
If the "New Password Differs by Characters" field is not "8", this is a finding.

Vulnerability Number

V-62735

Documentable

False

Rule Version

PANW-NM-000059

Severity Override Guidance

Go to Device >> Setup >> Management
View the "Minimum Password Complexity" window.
If the "New Password Differs by Characters" field is not "8", this is a finding.

Check Content Reference

M

Target Key

2811

Comments