Policy Settings
Password Policies
Policy Setting | Default | Description/Values |
---|---|---|
Minimum password length | 6 characters | Type in the minimum password length (from 6-40 characters). Note: Passwords can be up to 80 characters. |
Password quality | Basic | Select the required password quality; works in conjunction with Password requires at least below: |
Password requires at least | 0 | (Password quality must be Strong) Specify the minimum required number of: The range is from 0 to 40 for all 3. |
Remember Last | 5 | (Password quality must be Strong) This option determines the number of unique new passwords that must be associated with a user account before an old password can be reused. The range is from 5 to 500. |
Password expiration | Disabled | To enable Password expiration, check the checkbox. |
Change password after | N/A if Disabled; 90 days if Enabled | (Password expiration must be enabled) Type in the number of days after which users must change their passwords (from 1-180 days). |
Session Policies
Policy Setting | Default | Description/Values |
---|---|---|
Auto Logout | Disabled | Check this checkbox to automatically log users out after a specified period of idle time. When enabled, if a user has been inactive for longer than the specified period of time, he/she will be logged out and redirected to the Sign-in page. Systems that are left logged on may represent a security risk for an organization. |
Logout when idle for | N/A if Disabled; 15 minutes if Enabled | (Auto Logout must be enabled) Type in the maximum length of time the system may be idle before the user will be logged out (from 1 - 1440 minutes). |
Limit Login Attempts | Disabled | Check this checkbox to limit the number of failed sign-in attempts by a user during the specified time period. This may be used to reduce the risk of unauthorized system access via user password guessing. TBD - IS THIS TRUE/ DOES IT APPLY HERE??? When enabled, only 4 admin users can be signed in at the same time. |
Max Failed Attempts | N/A if Disabled; 3 | (Limit Login Attempts must be enabled) Specifies the maximum number of failed password attempts allowed during the specified time interval. Range: 3..10 |
Failed Interval (Minutes) | N/A if Disabled; 15 minutes if Enabled | (Limit Login Attempts must be enabled) Specifies the time interval within which exceeding the specified number of failed password attempts will result in the user's account being locked. Range: 5..60 minutes TBD - OK??? |
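
The following is an added example, not code from the decoder or its vendor: a small Python model of how Max Failed Attempts and Failed Interval interact, useful for reasoning about which sign-in patterns a given pair of values will lock. The sliding window, the reset on a successful sign-in, the lock persisting once set, and all names (`LoginLimiter`, `replay`, `BURST`, `SPREAD`) are assumptions; the event data is constructed.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Model of Limit Login Attempts: lock an account once the failures inside
    the Failed Interval exceed Max Failed Attempts (assumed semantics)."""

    def __init__(self, max_failed=3, interval_min=15):
        # Ranges and defaults are the ones in the Session Policies table.
        if not 3 <= max_failed <= 10:
            raise ValueError("Max Failed Attempts must be 3..10")
        if not 5 <= interval_min <= 60:
            raise ValueError("Failed Interval must be 5..60 minutes")
        self.max_failed = max_failed
        self.window = interval_min * 60        # seconds
        self.failures = defaultdict(deque)     # user -> failure timestamps
        self.locked = set()

    def record(self, user, ts, success):
        """Feed one sign-in event (ts in seconds); return the resulting state."""
        if user in self.locked:
            return "locked"                    # refused even with a correct password
        q = self.failures[user]
        if success:
            q.clear()                          # assumption: success resets the count
            return "ok"
        q.append(ts)
        while ts - q[0] >= self.window:        # drop failures older than the interval
            q.popleft()
        if len(q) > self.max_failed:           # "exceeding" the configured maximum
            self.locked.add(user)
            return "locked"
        return "failed"

def replay(events, **policy):
    """Run (user, ts, success) events through a fresh limiter; return the states."""
    limiter = LoginLimiter(**policy)
    return [limiter.record(user, ts, ok) for user, ts, ok in events]

# Constructed samples: failures close together, and failures six minutes apart.
BURST = [("admin", t, False) for t in (0, 20, 40, 60)]
SPREAD = [("admin", n * 360, False) for n in range(8)]

if __name__ == "__main__":
    print(replay(BURST))                       # default policy: 3 attempts, 15 min
    print(replay(SPREAD))                      # same policy, spread-out failures
    print(replay(SPREAD, interval_min=60))     # wider Failed Interval
```

With the default values the spread-out failures never lock the account, while the 60-minute interval locks it on the fourth failure, so the interval should be chosen together with review of failed sign-in logs.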
Account Policies
Policy Setting | Default | Description/Values |
---|---|---|
Disable Inactive Accounts | Disabled | Check this checkbox to enable automatic disabling of user accounts after the specified number of days of account inactivity. |
Inactivity Timeout (Days) | N/A if Disabled; 90 Days if Enabled | (Disable Inactive Accounts must be enabled) Type in the number of days (since the last login) after which the user account will be disabled. |
Cryptography Policies
Policy Setting | Default | Description/Values |
---|---|---|
Compliance | None | Specifies the required cryptographic compliance, either: Note: Either selection will reinforce security for all management functions of the decoder in terms of cryptography. This setting will take effect upon the next reboot. |
TLS Versions | TLSv1.2, TLSv1.1, TLSv1.0 | Specifies which TLS (Transport Layer Security) versions are accepted from the HTTPS client. Note: SSLv3 can be enabled only if Compliance is set to None. At least one TLS version must be enabled. |
HTTP Policies
Policy Setting | Default | Description/Values |
---|---|---|
Strict Transport Security | Disabled | When enabled, HTTP Strict Transport Security (HSTS) forces web browsers to only contact the Web interface over HTTPS, instead of using HTTP. |