Ensuring the correct password length
Rule Title: RiOS must enforce a minimum 15-character password length.
STIG ID: RICX-DM-000114
Rule ID: SV-77451r1_rule
Severity: CAT II
Vuln ID: V-62961
Class: Unclass
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one of several factors that help to determine strength and how long it takes to crack a password.
The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.
Verifying the correct password length
Verify that RiOS is configured to enforce a minimum 15-character password length.
1. Connect to the Management Console.
2. Choose Administration > Security: Password Policy to display the Password Policy page.
3. Verify that the Minimum Password Length is set to 15. If the Minimum Password Length is not set to 15, this is a security vulnerability finding.
Configuring the correct password length
Configure RiOS to enforce a minimum 15-character password length.
1. Connect to the Management Console.
2. Choose Administration > Security: Password Policy to display the Password Policy page.
3. Set the value in the Minimum Password Length text box to 15.