All,

While we’re on the topic of source policies, I’ve been trying to track down the 
reasoning for the 15 character minimum.  I’m sure it’s not conjured from 
nowhere, but the only policy I’ve found that dictates minimum password length 
[IA-5(1)] is CNSSI-1253 (Dated Mar 2014) that says 12 characters minimum.

“A case sensitive 12-character mix of upper case letters, lower case letters, 
numbers and special characters in including at least one of each.”

I checked the classified and intelligence overlays, and didn’t see any 
reference to the control.  So, can anyone point me to a policy that leads to 15 
characters being in the STIG?

Tom A.

Thomas Albrecht III, CISSP-ISSEP, RHCSA
Cyber Architect | Cyber Inside <https://insidelm.external.lmco.com/cyber-inside> | CAS2T
Lockheed Martin, Rotary and Mission Systems (RMS)
230 Mall Blvd, | King of Prussia, PA
[m] 610-906-4356
[email protected]