Documentation - V-222544

V-222544

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must enforce 24 hours/1 day as the minimum password lifetime.

Description

<VulnDiscussion>Use of passwords for application authentication is intended only for limited situations and should not be used as a replacement for two-factor CAC-enabled authentication. Examples of situations where a user ID and password might be used include but are not limited to: - When the application user base does not have a CAC and is not a current DOD employee, member of the military, or a DOD contractor. - When an application user has been officially designated as a Temporary Excepti...

Fix Text (Documentation Requirement)

Configure the application to have a minimum password lifetime of 24 hours.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel