Documentation - V-222540

V-222540

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must enforce password complexity by requiring that at least one special character be used.

Description

<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replacement for two-factor CAC-enabled authentication. Examples of situations where a user ID and password might be used include but are not limited to: - When the application user base does not have a CAC and is not a current DOD employee, member of the military, or a DOD contractor. - When an application user has been officially designated as a Temporary Excepti...

Fix Text (Documentation Requirement)

Configure the application to require at least one special character in the password.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel