Not sure if this is relevant: https://support.microsoft.com/en-ca/help/299656/how-to-prevent-windows-from-storing-a-lan-manager-hash-of-your-passwor
From: [email protected]
Sent: January 11, 2019 3:36 PM
To: [email protected]
Reply to: [email protected]
Cc: [email protected]
Subject: Re: Minimum Password Length (15 vs 12)

I haven't checked just yet, but I believe the password length information is within the OF A 500-27 and possibly within the CNSSI 1253 Appendix J (depending on customer requirements).

________________________________
From: Jerome Athias <[email protected]>
Sent: Friday, January 11, 2019 2:27:20 PM
To: SCAP Security Guide
Cc: Shawn Wells
Subject: Re: Minimum Password Length (15 vs 12)

SP 800-53 IA-5 (1)(a) globalized to 14+ due to the LM hash factor?

On Fri 11 Jan 2019 at 03:12, Albrecht, Thomas C <[email protected]> wrote:

All,

While we’re on the topic of source policies, I’ve been trying to track down the reasoning for the 15 character minimum. I’m sure it’s not conjured from nowhere, but the only policy I’ve found that dictates minimum password length [IA-5(1)] is CNSSI-1253 (Dated Mar 2014) that says 12 characters minimum.

“A case sensitive 12-character mix of upper case letters, lower case letters, numbers and special characters including at least one of each.”

I checked the classified and intelligence overlays, and didn’t see any reference to the control.

So, can anyone point me to a policy that leads to 15 characters being in the STIG?

Tom A.

Thomas Albrecht III, CISSP-ISSEP, RHCSA
Cyber Architect | Cyber Inside <https://insidelm.external.lmco.com/cyber-inside> | CAS2T
Lockheed Martin, Rotary and Mission Systems (RMS)
230 Mall Blvd, | King of Prussia, PA
[m] 610-906-4356
[email protected]

_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
