mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-03-04 09:13:19 +00:00
54 lines
1.3 KiB
YAML
54 lines
1.3 KiB
YAML
id: pwpolicy_simple_sequence_disable
|
|
title: "Prohibit Repeating, Ascending, and Descending Character Sequences"
|
|
discussion: |
|
|
The macOS _MUST_ be configured to prohibit the use of repeating, ascending, and descending character sequences when a password is created.
|
|
|
|
This rule enforces password complexity by requiring users to set passwords that are less vulnerable to malicious users.
|
|
|
|
NOTE: The guidance for password based authentication in NIST 800-53 (Rev 5) and NIST 800-63B state that complexity rules should be organizationally defined. The values defined are based off of common complexity values. But your organization may define its own password complexity rules.
|
|
check: |
|
|
/usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'allowSimple = 0'
|
|
result:
|
|
integer: 1
|
|
fix: |
|
|
This is implemented by a Configuration Profile.
|
|
references:
|
|
cce:
|
|
- CCE-91039-8
|
|
cci:
|
|
- N/A
|
|
800-53r5:
|
|
- IA-5(1)
|
|
800-53r4:
|
|
- IA-5
|
|
- IA-5(1)
|
|
srg:
|
|
- N/A
|
|
disa_stig:
|
|
- N/A
|
|
800-171r2:
|
|
- 3.5.1
|
|
- 3.5.2
|
|
- 3.5.7
|
|
- 3.5.8
|
|
- 3.5.9
|
|
- 3.5.10
|
|
cisv8:
|
|
- 5.2
|
|
macOS:
|
|
- "12.0"
|
|
tags:
|
|
- 800-171
|
|
- cnssi-1253
|
|
- 800-53r4_low
|
|
- 800-53r4_moderate
|
|
- 800-53r4_high
|
|
- 800-53r5_low
|
|
- 800-53r5_moderate
|
|
- 800-53r5_high
|
|
- cisv8
|
|
mobileconfig: true
|
|
mobileconfig_info:
|
|
com.apple.mobiledevice.passwordpolicy:
|
|
allowSimple: false
|