Prohibiting password reuse for five generations

Network Device Management Rules : Prohibiting password reuse for five generations

Rule Title: RiOS must prohibit password reuse for a minimum of five generations.

STIG ID: RICX-DM-000124

Rule ID: SV-77465r1_rule Severity: CAT II

Vuln ID: V-62975 Class: Unclass

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.

To meet password policy requirements, passwords need to be changed at specific policy-based intervals.

If the network device allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.

Verifying password is not reused for five generations

Verify that RiOS is configured to prohibit password reuse for a minimum of five generations.

1. Connect to the Management Console.

2. Choose Administration > Security: Password Policy to display the Password Policy page.

3. Verify that the Minimum Interval for Password Reuse is set to 5. If the Minimum Interval for Password Reuse is not set to 5, this is a security vulnerability finding.

Configuring passwords to not be reused for five generations

Configure RiOS to prohibit password reuse for a minimum of five generations.

1. Connect to the Management Console.

2. Choose Administration > Security: Password Policy to display the Password Policy page.

3. Specify the value of the Minimum Interval for Password Reuse text box to 5.

4. Click Apply.