Skip to main content

_Policy Settings_MX1_MX4_DISA

Password Policies

Policy SettingDefaultDescription/Values
Minimum Length6 characters

Type in the minimum password length (from 6-40 characters).

Note

Passwords can be up to 80 characters.
QualityBasic

Select the required password quality; works in conjunction with Password requires at least below:

  • Basic: Sets the minimum password length as the only requirement to accept a new password.
  • Strong: Adds more strict requirements to the password structure. Checks for minimum length as well as other criteria such as minimum number of required upper case characters, digits, and symbols.
Strong Requirements0

(Password quality must be Strong) Specify the minimum required number of:

  • Uppercase letters
  • Digits
  • Symbols

The range is from 0 to 40 for all 3.

Remember Last (Passwords)

5

(Password quality must be Strong) This option determines the number of unique new passwords that must be associated with a user account before an old password can be reused.

The range is from 5 to 500.

Minimum Lifetime (Days)0

(Password quality must be Strong) This option restricts the user's ability to change their password. Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. 

The range is from 0 (no restriction) to 7 days.

Password ExpirationDisabledCheck this checkbox to enable Password expiration.

Session Policies

Policy SettingDefaultDescription/Values
Auto LogoutDisabled

Check this checkbox to automatically log users out after a specified period of idle time.

When enabled, if a user has been inactive for longer than the specified period of time, he/she will be logged out and redirected to the Sign-in page. Systems that are left logged on may represent a security risk for an organization.

Note

Enabling the Auto-Logout Session policy also limits the number of concurrent sign-ins per account to 4. 

Logout when idle forN/A if Disabled
----------
15 minutes if Enabled

(Auto Logout must be enabled) Specifies the maximum length of time the system may be idle before the user will be logged out. Range: 1 - 1440 minutes.

Limit Login AttemptsDisabled

Check this checkbox to lock a user account after the specified number of consecutive failed sign-in attempts during the specified time period. This may be used to reduce the risk of unauthorized system access via user password guessing. 

Max Failed AttemptsN/A if Disabled
----------
3
(Limit Login Attempts must be enabled) Specifies the maximum number of consecutive failed sign-in attempts allowed during the specified time interval before the account will be locked. Range: 3..10
Failed Interval (Minutes)N/A if Disabled
----------
15 minutes if Enabled

(Limit Login Attempts must be enabled) Specifies the time period during which the consecutive failed sign-in attempts will be counted to lock out the account. Range: 5..60 minutes   

Note

If a user fails the “Max Failed Attempts” within the “Failed interval”, the account will be locked for 10 minutes.

Account Policies

Policy SettingDefaultDescription/Values
Disable Inactive AccountsDisabled

Check this checkbox to enable automatic disabling of user accounts after the specified number of days of account inactivity.

Inactivity Timeout (Days)N/A if Disabled
----------
90 Days if Enabled

(Disable Inactive Accounts must be enabled) Specifies the number of days (since the last login) after which the user account will be disabled.

Disabled accounts can be re-enabled either via the “account <uname> enable” CLI command or from the Web Interface Admin>Accounts List View where the Action drop-down list will include an option to re-enable a disabled account.

Tip

The system adds one (1) day (or 24hour grace period) to the setting configured by the user.

Cryptography Policies

Policy SettingDefaultDescription/Values
ComplianceNone

Specifies the required cryptographic compliance, either:

  • None
  • FIPS 140-2: Applies cryptographic modules accredited under the Federal Information Processing Standard (FIPS) Publication 140-2.
  • NDPP v1.1: Activates cryptographic security to a level compliant with the National Information Assurance Partnership (NIAP) Network Device Protection Profile, Revision 1.1.
  • SP800-52 Revision 1 (deprecated): Applies cryptographic modules accredited under the National Institute of Standards and Technology (NIST) Special Publication 800-52, Revision 1.
  • SP800-52 Revision 2: Supersedes SP800-52 Revision 1. Applies cryptographic modules accredited under the NIST Special Publication 800-52, Revision 2.

Note

Either selection will reinforce security for all management functions of the decoder in terms of cryptography. This setting will take effect upon the next reboot.
TLS VersionsTLSv1.2, TLSv1.1, TLSv1.0

Specifies which TLS (Transport Layer Security) versions are accepted from the HTTPS client.

  • TLSv1.2
  • TLSv1.1
  • TLSv1.0
  • SSLv3

Note

SSLv3 can be enabled only if Compliance is set to None. At least one TLS version must be enabled.

Tip

For backward compatibility considerations, you may choose to disable the older TLS versions not needed by the organization's TLS peers (i.e., browsers, syslog server) and plan the upgrade of those not supporting the latest TLS version with the objective of enabling only the latest TLS version.

HTTP Policies

Policy SettingDefaultDescription/Values
Strict Transport SecurityDisabled

Check this checkbox to enable HTTP Strict Transport Security (HSTS). HSTS forces web browsers to only contact the Web interface over HTTPS, instead of using HTTP. 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.