STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:

The Cassandra database must enforce the DoD standards for password complexity and lifetime.

DISA Rule

SV-87291r1_rule

Vulnerability Number

V-72659

Group Title

SRG-APP-000164-DB-000401

Rule Version

VROM-CS-000135

Severity

CAT I

CCI(s)

• CCI-000192 - The information system enforces password complexity by the minimum number of upper case characters used.

Weight

10

Fix Recommendation

Configure the Cassandra database to enforce the DoD standards for password complexity and lifetime.

Use configuration parameters and/or custom code to enforce the following rules for passwords:

a. minimum of 15 characters, including at least one of each of the following character sets:
- Upper-case
- Lower-case
- Numeric
- Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <)
b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight
c. Password lifetime limits: Minimum 24 hours, maximum 60 days
d. Number of password changes before an old one may be reused: Minimum of five

Check Contents

Review the Cassandra database configuration to ensure the DoD standards for password complexity and lifetime are enforced.

Review the DBMS settings relating to password complexity. Determine whether the following rules are enforced. If any are not, this is a finding.

a. minimum of 15 characters, including at least one of each of the following character sets:
- Upper-case
- Lower-case
- Numeric
- Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <)
b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight

Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding.

c. Password lifetime limits: Minimum 24 hours, maximum 60 days
d. Number of password changes before an old one may be reused: Minimum of five

Vulnerability Number

V-72659

Documentable

False

Rule Version

VROM-CS-000135

Severity Override Guidance

Review the Cassandra database configuration to ensure the DoD standards for password complexity and lifetime are enforced.

Review the DBMS settings relating to password complexity. Determine whether the following rules are enforced. If any are not, this is a finding.

a. minimum of 15 characters, including at least one of each of the following character sets:
- Upper-case
- Lower-case
- Numeric
- Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <)
b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight

Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding.

c. Password lifetime limits: Minimum 24 hours, maximum 60 days
d. Number of password changes before an old one may be reused: Minimum of five

Check Content Reference

M

Target Key

3179

Comments