V-222536
Application Security and Development Security Technical Implementation Guide
Title
The application must enforce a minimum 15-character password length.
Description
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Use of passwords for application authentication is intended only for limited situations and should not be used as a replacement for two-factor CAC-enabled authentication. Examples of situations where a user ID and password might be used include but are not limited to: - When the application user base does not have a CAC and is not a current DOD emp...
Fix Text (Documentation Requirement)
Configure the application to require 15 characters in the password.