If DBMS authentication, using passwords, is employed, the DBMS must enforce the DoD standards for password complexity and lifetime.
Review the DBMS settings relating to password complexity. Determine whether the following rules are enforced. If any are not, this is a finding.
a. minimum of 15 characters, including at least one of each of the following character sets:
- Upper-case
- Lower-case
- Numerics
- Special characters (e.g., ~ ! @ # $ % ^ & * ( ) _ + = - ' [ ] / ? > <)
b. Minimum number of characters changed from previous password: 50 percent of the minimum password length; that is, eight
Review the DBMS settings relating to password lifetime. Determine whether the following rules are enforced. If any are not, this is a finding.
a. Password lifetime limits for interactive accounts: Minimum 24 hours, maximum 60 days
b. Password lifetime limits for non-interactive accounts: Minimum 24 hours, maximum 365 days
c. Number of password changes before an old one may be reused: Minimum of five
https://www.stigviewer.com/stig/database_security_requirements_guide/2020-03-06/finding/V-61407#:~:text=The%20DoD%20standard%20for%20authentication,and%20lifetime%20must%20be%20implemented.
Dx NetOps Performance Management 21.2.x
We support these abilities in SsoConfig:
Enforce password requirements (default: Enabled): Enabled Allow REST to create users with usernames and passwords that match (default: Enabled): Enabled Minimum password length (default: 8): 8 Password lifespan (default:105 days): 105 Disable password expiration for a specific user: Enable password expiration for a specific user: Expire password for a specific user: Expire all passwords immediately: Failed login attempts before blocking (default 6): 6 Timeframe for failed login attempts (default 3 minutes): 3 Disable user after failed login attempts (default: Disabled): Enabled Number of minutes to block IP address after failed login attempts (default: 0 minutes (Disabled)): 0 Block all local user accounts (default: Disabled): Disabled