Policy Settings
Password Policies
Policy Setting | Default | Description/Values |
---|---|---|
Minimum Length | 6 characters | Type in the minimum password length (from 6 to 40 characters). Note: Passwords can be up to 80 characters. |
Quality | Basic | Select the required password quality; works in conjunction with Password requires at least below: |
Strong Requirements | 0 | (Password quality must be Strong) Specify the minimum required number of: The range is from 0 to 40 for all 3. |
Remember Last (Passwords) | 5 | (Password quality must be Strong) This option determines the number of unique new passwords that must be associated with a user account before an old password can be reused. The range is from 5 to 500. |
Minimum Lifetime (Days) | 0 | (Password quality must be Strong) This option restricts the user's ability to change their password. Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. The range is from 0 (no restriction) to 7 days. |
Password Expiration | Disabled | Check this checkbox to enable Password expiration. |
Session Policies
Policy Setting | Default | Description/Values |
---|---|---|
Auto Logout | Disabled | Check this checkbox to automatically log users out after a specified period of idle time. When enabled, if a user has been inactive for longer than the specified period of time, he/she will be logged out and redirected to the Sign-in page. Systems that are left logged on may represent a security risk for an organization. Note: Enabling the Auto-Logout Session policy also limits the number of concurrent sign-ins per account to 4. |
Logout when idle for | N/A if Disabled; 15 minutes if Enabled | (Auto Logout must be enabled) Specifies the maximum length of time the system may be idle before the user will be logged out. Range: 1 - 1440 minutes. |
Limit Login Attempts | Disabled | Check this checkbox to lock a user account after the specified number of consecutive failed sign-in attempts during the specified time period. This may be used to reduce the risk of unauthorized system access via user password guessing. |
Max Failed Attempts | N/A if Disabled; 3 | (Limit Login Attempts must be enabled) Specifies the maximum number of consecutive failed sign-in attempts allowed during the specified time interval before the account will be locked. Range: 3..10 |
Failed Interval (Minutes) | N/A if Disabled; 15 minutes if Enabled | (Limit Login Attempts must be enabled) Specifies the time period during which the consecutive failed sign-in attempts will be counted to lock out the account. Range: 5..60 minutes. Note: If a user fails the “Max Failed Attempts” within the “Failed interval”, the account will be locked for 10 minutes. |
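
The following is an added example, not vendor code: a small model of how Limit Login Attempts, Max Failed Attempts and Failed Interval interact, useful for reasoning about a chosen setting before applying it. The 10-minute lock and the ranges come from the table above; the sliding-window counting, the reset on a successful sign-in and the rejection of attempts during a lock are assumptions.

```python
from dataclasses import dataclass, field

LOCK_MINUTES = 10  # fixed lock duration stated in the Failed Interval note


@dataclass
class LockoutPolicy:
    max_failed_attempts: int = 3   # default; documented range 3..10
    failed_interval_min: int = 15  # default; documented range 5..60

    def __post_init__(self):
        if not 3 <= self.max_failed_attempts <= 10:
            raise ValueError("Max Failed Attempts must be 3..10")
        if not 5 <= self.failed_interval_min <= 60:
            raise ValueError("Failed Interval must be 5..60 minutes")


@dataclass
class Account:
    failures: list = field(default_factory=list)  # times of consecutive failures
    locked_until: float = 0.0


def sign_in(policy, acct, now_min, password_ok):
    """Return 'ok', 'failed', or 'locked' (account is locked after this attempt)."""
    if now_min < acct.locked_until:
        return "locked"        # assumption: rejected and not counted while locked
    if password_ok:
        acct.failures.clear()  # assumption: success ends the run of failures
        return "ok"
    # Assumption: sliding window. Drop failures older than the interval.
    acct.failures = [t for t in acct.failures
                     if now_min - t < policy.failed_interval_min]
    acct.failures.append(now_min)
    if len(acct.failures) >= policy.max_failed_attempts:
        acct.locked_until = now_min + LOCK_MINUTES
        acct.failures.clear()
        return "locked"
    return "failed"


def replay(policy, events):
    """Run (minute, password_ok) events against a fresh account."""
    acct = Account()
    return [sign_in(policy, acct, t, ok) for t, ok in events]


# Constructed sample: (minute, password_ok)
SAMPLE = [(0, False), (1, False), (2, False), (5, True), (12, True),
          (20, False), (30, False), (36, False), (37, False)]
```

In the sample, the correct password at minute 5 is still refused because the lock runs until minute 12, and the failure at minute 20 has aged out of the 15-minute window by minute 36, so the lock only triggers at minute 37.
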
Account Policies
Policy Setting | Default | Description/Values |
---|---|---|
Disable Inactive Accounts | Disabled | Check this checkbox to enable automatic disabling of user accounts after the specified number of days of account inactivity. |
Inactivity Timeout (Days) | N/A if Disabled; 90 Days if Enabled | (Disable Inactive Accounts must be enabled) Specifies the number of days (since the last login) after which the user account will be disabled. Disabled accounts can be re-enabled either via the “account Tip: The system adds one (1) day (or 24-hour grace period) to the setting configured by the user. |
Cryptography Policies
Policy Setting | Default | Description/Values |
---|---|---|
Compliance | None | Specifies the required cryptographic compliance, either: Note: Either selection will reinforce security for all management functions of the decoder in terms of cryptography. This setting will take effect upon the next reboot. |
TLS Versions | TLSv1.2, TLSv1.1, TLSv1.0 | Specifies which TLS (Transport Layer Security) versions are accepted from the HTTPS client. Note: SSLv3 can be enabled only if Compliance is set to None. At least one TLS version must be enabled. Tip: For backward compatibility considerations, you may choose to disable the older TLS versions not needed by the organization's TLS peers (i.e., browsers, |
HTTP Policies
Policy Setting | Default | Description/Values |
---|---|---|
Strict Transport Security | Disabled | Check this checkbox to enable HTTP Strict Transport Security (HSTS). HSTS forces web browsers to only contact the Web interface over HTTPS, instead of using HTTP. |