Ensuring passwords have a lowercase character
Rule Title: RiOS must enforce password complexity by requiring that at least one lowercase character be used.
STIG ID: RICX-DM-000116
Rule ID: SV-77455r1_rule Severity: CAT II
Vuln ID: V-62965 Class: Unclass
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
Verifying passwords have a lowercase character
Verify that RiOS is configured to enforce password complexity that requires at least one lowercase character.
1. Connect to the Management Console.
2. Choose Administration > Security: Password Policy to display the Password Policy page.
3. Verify that the Minimum Uppercase Characters is set to 1. If the Minimum Lowercase Characters is not set to 1, this is a security vulnerability finding.
Configuring passwords to have a lowercase character
Configure RiOS to enforce a password complexity that requires at least one lowercase character.
1. Connect to the Management Console.
2. Choose Administration > Security: Password Policy to display the Password Policy page.
3. Specify the value of the Minimum Lowercase Characters text box to 1.
4. Click Apply.