STIGQter STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 4 Release: 9 Benchmark Date: 25 Jan 2019: The application must enforce a 60-day maximum password lifetime restriction.

DISA Rule

SV-84195r1_rule

Vulnerability Number

V-69573

Group Title

SRG-APP-000174

Rule Version

APSC-DV-001770

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the application to have a maximum password lifetime of 60 days.

Check Contents

Review the application documentation and interview the application administrator to identify if the application uses passwords for user authentication.

If the application does not use passwords, the requirement is not applicable.

Access the application management interface and view the user password settings page.

Review user password settings and validate the application is configured to expire and force a password change after 60 days.

If user passwords are not configured to expire after 60 days, or if the application does not have the ability to control this setting, this is a finding.

Vulnerability Number

V-69573

Documentable

False

Rule Version

APSC-DV-001770

Severity Override Guidance

Review the application documentation and interview the application administrator to identify if the application uses passwords for user authentication.

If the application does not use passwords, the requirement is not applicable.

Access the application management interface and view the user password settings page.

Review user password settings and validate the application is configured to expire and force a password change after 60 days.

If user passwords are not configured to expire after 60 days, or if the application does not have the ability to control this setting, this is a finding.

Check Content Reference

M

Target Key

3009

Comments