6061695c85
This patch fixes a ton of broken links, documentation, and reno errors. Change-Id: If6f9a698a813db9aaf1eb4e10520a4c01cd00407
22 lines
705 B
ReStructuredText
22 lines
705 B
ReStructuredText
---
|
|
id: V-71931
|
|
status: opt-in
|
|
tag: accounts
|
|
---
|
|
|
|
Although the STIG requires that a maximum password lifetime is set for all
|
|
interactive user accounts, the security benefits of this configuration are
|
|
debatable. The `draft of NIST Publication 800-63B`_ argues that password
|
|
rotation may reduce overall security in some situations.
|
|
|
|
Deployers can opt-in for this change by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_set_maximum_password_lifetime: yes
|
|
|
|
The tasks will examine each interactive user account and set the maximum
|
|
password age if the existing setting is not equal to 60 days.
|
|
|
|
.. _draft of NIST Publication 800-63B: https://pages.nist.gov/800-63-3/sp800-63b.html
|