On 4/26/12 8:05 PM, Willy Santos wrote:
CCI-000200 requires the OS to prohibit password reuse for an
organization-defined number of generations. This is met by the limit_password_reuse rule
and enforced by PAM.
Signed-off-by: Willy Santos <wsantos(a)redhat.com>
---
rhel6/src/input/system/accounts/pam.xml | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/rhel6/src/input/system/accounts/pam.xml
b/rhel6/src/input/system/accounts/pam.xml
index bc91277..0bf95ff 100644
--- a/rhel6/src/input/system/accounts/pam.xml
+++ b/rhel6/src/input/system/accounts/pam.xml
@@ -373,6 +373,7 @@ compromised could be used yet again by an attacker.
<ident cce="14939-3" />
<oval id="accounts_password_reuse_limit"
value="password_history_retain_number"/>
<ref nist="IA-5" />
+<ident cci="CCI-000200" />
</Rule>
</Group>
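Review bot: the added `<ident cci="CCI-000200" />` sits after `<ref nist="IA-5" />`, separated from the existing `<ident cce="14939-3" />` by the `<oval>` and `<ref>` elements; consider moving it directly under the CCE ident so the Rule's identifiers stay together and are easier to audit. Separately, the commit message names the rule limit_password_reuse, while the only check name visible in this context is the OVAL id accounts_password_reuse_limit, so it is worth confirming that the message uses the Rule's actual id.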
Ack
--
Shawn Wells
Technical Director,
U.S. Intelligence Programs
(e) shawn(a)redhat.com
(c) 443.534.0130