SP 800-53 IA-5 (1)(a) globalized to 14+ due to the LM hash factor? On Fri 11 Jan 2019 at 03:12, Albrecht, Thomas C <[email protected]> wrote:
> All, > > > > While we’re on the topic of source policies, I’ve been trying to track > down the reasoning for the 15 character minimum. I’m sure it’s not > conjured from nowhere, but the only policy I’ve found that dictates minimum > password length [IA-5(1)] is CNSSI-1253 (Dated Mar 2014) that says 12 > characters minimum. > > > > “A case sensitive 12-character mix of upper case letters, lower case > letters, numbers and special characters in including at least one of each.” > > > > I checked the classified and intelligence overlays, and didn’t see any > reference to the control. So, can anyone point me to a policy that leads > to 15 characters being in the STIG? > > > > Tom A. > > > > *Thomas Albrecht III*, CISSP-ISSEP, RHCSA > > Cyber Architect | Cyber Inside > <https://insidelm.external.lmco.com/cyber-inside> |CAS2T > > Lockheed Martin, Rotary and Mission Systems (RMS) > > 230 Mall Blvd, | King of Prussia, PA > > [m] 610-906-4356 > > [email protected] > > [image: cid:[email protected]] > > > > > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
