Components shall provide, or integrate into a system that provides, the capability to protect against any given human user account from reusing a password for a configurable number of generations

[github-actions[bot]]

Recommended STIG:

• V-230837
  • Apple macOS must be configured with a firmware password to prevent access to single user mode and booting from alternative media.
• V-230785
  • The macOS system must accept and verify Personal Identity Verification (PIV) credentials, implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network, and only allow the use of DoD PKI-established certificate authorities to verify the establishment of protected sessions.
• V-230762
  • The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup.
• V-230832
  • The macOS system must enforce a 60-day maximum password lifetime restriction.
• V-230831
  • The macOS system must enforce password complexity by requiring that at least one numeric character be used.
• V-230835
  • The macOS system must enforce password complexity by requiring that at least one special character be used.
• V-230756
  • The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked.
• V-230825
  • The macOS system must not allow an unattended or automatic logon to the system.
• V-230833
  • The macOS system must prohibit password reuse for a minimum of five generations.
• V-230744
  • The macOS system must retain the session lock until the user reestablishes access using established identification and authentication procedures.

[github-actions[bot]]

RQCODE doesn't have implemented tests for recommended STIGs currently :pensive:

[github-actions[bot]]

Created issues about not realized tests for STIGs in RQCODE:

• V-230837
• V-230785
• V-230762
• V-230832
• V-230831
• V-230835
• V-230756
• V-230825
• V-230833
• V-230744