Tom, I wouldn't be surprised if the JSIG and ICDs specifically call out 14+ for a length. An AFMAN may require it too. Just one more way that an AO wants us to tailor SCAP content only when it suits their needs.
Charlie Todd Ball Aerospace On Jan 10, 2019, at 9:12 PM, Albrecht, Thomas C <[email protected]<mailto:[email protected]>> wrote: All, While we're on the topic of source policies, I've been trying to track down the reasoning for the 15 character minimum. I'm sure it's not conjured from nowhere, but the only policy I've found that dictates minimum password length [IA-5(1)] is CNSSI-1253 (Dated Mar 2014) that says 12 characters minimum. "A case sensitive 12-character mix of upper case letters, lower case letters, numbers and special characters in including at least one of each." I checked the classified and intelligence overlays, and didn't see any reference to the control. So, can anyone point me to a policy that leads to 15 characters being in the STIG? Tom A. Thomas Albrecht III, CISSP-ISSEP, RHCSA Cyber Architect | Cyber Inside<https://urldefense.proofpoint.com/v2/url?u=https-3A__insidelm.external.lmco.com_cyber-2Dinside&d=DwMGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=N41igdOMybjbGaUm_ni-2i9VQB3EvDwtNtNcYj3V0l4&s=PR52BlqRiP30sUIB4_Z11Ymdx8l9H7I5egP5L6Szhfk&e=> |CAS2T Lockheed Martin, Rotary and Mission Systems (RMS) 230 Mall Blvd, | King of Prussia, PA [m] 610-906-4356 [email protected]<mailto:[email protected]> <image001.png> _______________________________________________ scap-security-guide mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://urldefense.proofpoint.com/v2/url?u=https-3A__getfedora.org_code-2Dof-2Dconduct.html&d=DwIGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=N41igdOMybjbGaUm_ni-2i9VQB3EvDwtNtNcYj3V0l4&s=qFvjh7L-Z5KCzB5Z53-oozgGV26CZu0-MCnw83TEz68&e= List Guidelines: https://urldefense.proofpoint.com/v2/url?u=https-3A__fedoraproject.org_wiki_Mailing-5Flist-5Fguidelines&d=DwIGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=N41igdOMybjbGaUm_ni-2i9VQB3EvDwtNtNcYj3V0l4&s=IzhP_e3V6FhoE1tSw19jgBI06m_XbMXPrAq6_h4yH-A&e= List Archives: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.fedorahosted.org_archives_list_scap-2Dsecurity-2Dguide-40lists.fedorahosted.org&d=DwIGaQ&c=jF7FvYH6t0RX1HrEjVCgHQ&r=EtM8rzsgMR2aFrLOrhF8eg&m=N41igdOMybjbGaUm_ni-2i9VQB3EvDwtNtNcYj3V0l4&s=aF29pDUq3YvkLjUNqo_u8K1OyfXCRo7-nKafSBUS0Vc&e= This message and any enclosures are intended only for the addressee. Please notify the sender by email if you are not the intended recipient. If you are not the intended recipient, you may not use, copy, disclose, or distribute this message or its contents or enclosures to any other person and any such actions may be unlawful. Ball reserves the right to monitor and review all messages and enclosures sent to or from this email address.
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
