STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must enforce a minimum 15-character password length.

DISA Rule

SV-80405r1_rule

Vulnerability Number

V-65915

Group Title

SRG-APP-000164

Rule Version

TMDS-00-000140

Severity

CAT II

CCI(s)

• CCI-000205 - The information system enforces minimum password length.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to enforce a minimum 15-character password length.

Configure the policy value for minimum password length.

Under the Administration >> System Settings >> Security tab, set the value for “User password minimum length” to 15.

Check Contents

Review the Trend Deep Security server configuration to ensure a minimum 15-character password length is enforced.

Verify the policy value for minimum password length.

If the value for “User password minimum length” under the Administration >> System Settings >> Security tab is not set to 15, this is a finding.

Vulnerability Number

V-65915

Documentable

False

Rule Version

TMDS-00-000140

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure a minimum 15-character password length is enforced.

Verify the policy value for minimum password length.

If the value for “User password minimum length” under the Administration >> System Settings >> Security tab is not set to 15, this is a finding.

Check Content Reference

M

Target Key

2955

Comments