Documentation - V-222541

V-222541

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must require the change of at least eight of the total number of characters when passwords are changed.

Description

<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replacement for two-factor CAC-enabled authentication. Examples of situations where a user ID and password might be used include but are not limited to: - When the application user base does not have a CAC and is not a current DOD employee, member of the military, or a DOD contractor. - When an application user has been officially designated as a Temporary Excepti...

Fix Text (Documentation Requirement)

Configure the application to require the change of at least eight characters in the password when passwords are changed.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel