I haven't checked just yet, but I believe the password length information is within the OF A 500-27 and possibly within the CNSSI 1253 Appendix J (depending on customer requirements.
Get Outlook for Android<https://aka.ms/ghei36> ________________________________ From: Jerome Athias <[email protected]> Sent: Friday, January 11, 2019 2:27:20 PM To: SCAP Security Guide Cc: Shawn Wells Subject: Re: Minimum Password Length (15 vs 12) SP 800-53 IA-5 (1)(a) globalized to 14+ due to the LM hash factor? On Fri 11 Jan 2019 at 03:12, Albrecht, Thomas C <[email protected]<mailto:[email protected]>> wrote: All, While we’re on the topic of source policies, I’ve been trying to track down the reasoning for the 15 character minimum. I’m sure it’s not conjured from nowhere, but the only policy I’ve found that dictates minimum password length [IA-5(1)] is CNSSI-1253 (Dated Mar 2014) that says 12 characters minimum. “A case sensitive 12-character mix of upper case letters, lower case letters, numbers and special characters in including at least one of each.” I checked the classified and intelligence overlays, and didn’t see any reference to the control. So, can anyone point me to a policy that leads to 15 characters being in the STIG? Tom A. Thomas Albrecht III, CISSP-ISSEP, RHCSA Cyber Architect | Cyber Inside<https://insidelm.external.lmco.com/cyber-inside> |CAS2T Lockheed Martin, Rotary and Mission Systems (RMS) 230 Mall Blvd, | King of Prussia, PA [m] 610-906-4356 [email protected]<mailto:[email protected]> [cid:[email protected]] _______________________________________________ scap-security-guide mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
