From eeba9c5396cfd26458f1e74b759136c109b3a1e6 Mon Sep 17 00:00:00 2001 From: jpower432 Date: Tue, 4 Mar 2025 16:38:50 +0000 Subject: [PATCH 1/3] Automatic updates from trestlebot! --- catalogs/anssi/catalog.json | 2079 +++++++++++++++++++++++++++++++++++ 1 file changed, 2079 insertions(+) create mode 100644 catalogs/anssi/catalog.json diff --git a/catalogs/anssi/catalog.json b/catalogs/anssi/catalog.json new file mode 100644 index 000000000..c467ef9f6 --- /dev/null +++ b/catalogs/anssi/catalog.json @@ -0,0 +1,2079 @@ +{ + "catalog": { + "uuid": "edd32ad1-950f-4805-a33d-ad6522f45227", + "metadata": { + "title": "Catalog for anssi", + "last-modified": "2025-03-04T16:38:50.632826+00:00", + "version": "REPLACE_ME", + "oscal-version": "1.1.2" + }, + "params": [], + "groups": [ + { + "id": "r1", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r1", + "class": "CAC_IMPORT", + "title": "Hardware Support", + "params": [], + "props": [ + { + "name": "label", + "value": "R1" + }, + { + "name": "sort-id", + "value": "r1" + } + ], + "parts": [ + { + "id": "r1_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r2", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r2", + "class": "CAC_IMPORT", + "title": "Hardware Configuration", + "params": [], + "props": [ + { + "name": "label", + "value": "R2" + }, + { + "name": "sort-id", + "value": "r2" + } + ], + "parts": [ + { + "id": "r2_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r3", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r3", + "class": "CAC_IMPORT", + "title": "Uefi Secure Boot Activation", + "params": [], + "props": [ + { + "name": "label", + "value": "R3" + }, + { + "name": "sort-id", + "value": "r3" + } + ], + "parts": [ + { + "id": "r3_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r4", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r4", + "class": "CAC_IMPORT", + "title": "Replacing Of Preloaded Keys", + "params": [], + "props": [ + { + "name": "label", + "value": "R4" + }, + { + "name": "sort-id", + "value": "r4" + } + ], + "parts": [ + { + "id": "r4_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r5", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r5", + "class": "CAC_IMPORT", + "title": "Boot Loader Password", + "params": [], + "props": [ + { + "name": "label", + "value": "R5" + }, + { + "name": "sort-id", + "value": "r5" + } + ], + "parts": [ + { + "id": "r5_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r6", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r6", + "class": "CAC_IMPORT", + "title": "Protecting Kernel Command Line Parameters", + "params": [], + "props": [ + { + "name": "label", + "value": "R6" + }, + { + "name": "sort-id", + "value": "r6" + } + ], + "parts": [ + { + "id": "r6_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r7", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r7", + "class": "CAC_IMPORT", + "title": "Iommu Configuration Guidelines", + "params": [], + "props": [ + { + "name": "label", + "value": "R7" + }, + { + "name": "sort-id", + "value": "r7" + } + ], + "parts": [ + { + "id": "r7_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r8", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r8", + "class": "CAC_IMPORT", + "title": "Memory Configuration Options", + "params": [], + "props": [ + { + "name": "label", + "value": "R8" + }, + { + "name": "sort-id", + "value": "r8" + } + ], + "parts": [] + } + ] + }, + { + "id": "r9", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r9", + "class": "CAC_IMPORT", + "title": "Kernel Configuration Options", + "params": [], + "props": [ + { + "name": "label", + "value": "R9" + }, + { + "name": "sort-id", + "value": "r9" + } + ], + "parts": [] + } + ] + }, + { + "id": "r10", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r10", + "class": "CAC_IMPORT", + "title": "Disabling The Loading Of Kernel Modules", + "params": [], + "props": [ + { + "name": "label", + "value": "R10" + }, + { + "name": "sort-id", + "value": "r10" + } + ], + "parts": [ + { + "id": "r10_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r11", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r11", + "class": "CAC_IMPORT", + "title": "Yama Module Sysctl Configuration", + "params": [], + "props": [ + { + "name": "label", + "value": "R11" + }, + { + "name": "sort-id", + "value": "r11" + } + ], + "parts": [ + { + "id": "r11_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r12", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r12", + "class": "CAC_IMPORT", + "title": "Ipv4 Configuration Options", + "params": [], + "props": [ + { + "name": "label", + "value": "R12" + }, + { + "name": "sort-id", + "value": "r12" + } + ], + "parts": [] + } + ] + }, + { + "id": "r13", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r13", + "class": "CAC_IMPORT", + "title": "Disabling Ipv6", + "params": [], + "props": [ + { + "name": "label", + "value": "R13" + }, + { + "name": "sort-id", + "value": "r13" + } + ], + "parts": [] + } + ] + }, + { + "id": "r14", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r14", + "class": "CAC_IMPORT", + "title": "File System Configuration Options", + "params": [], + "props": [ + { + "name": "label", + "value": "R14" + }, + { + "name": "sort-id", + "value": "r14" + } + ], + "parts": [] + } + ] + }, + { + "id": "r15", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r15", + "class": "CAC_IMPORT", + "title": "Compile Options For Memory Management", + "params": [], + "props": [ + { + "name": "label", + "value": "R15" + }, + { + "name": "sort-id", + "value": "r15" + } + ], + "parts": [] + } + ] + }, + { + "id": "r16", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r16", + "class": "CAC_IMPORT", + "title": "Compile Options For Kernel Data Structures", + "params": [], + "props": [ + { + "name": "label", + "value": "R16" + }, + { + "name": "sort-id", + "value": "r16" + } + ], + "parts": [] + } + ] + }, + { + "id": "r17", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r17", + "class": "CAC_IMPORT", + "title": "Compile Options For The Memory Allocator", + "params": [], + "props": [ + { + "name": "label", + "value": "R17" + }, + { + "name": "sort-id", + "value": "r17" + } + ], + "parts": [] + } + ] + }, + { + "id": "r18", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r18", + "class": "CAC_IMPORT", + "title": "Compile Options For The Management Of Kernel Module", + "params": [], + "props": [ + { + "name": "label", + "value": "R18" + }, + { + "name": "sort-id", + "value": "r18" + } + ], + "parts": [] + } + ] + }, + { + "id": "r19", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r19", + "class": "CAC_IMPORT", + "title": "Compile Options For Abnormal Situations", + "params": [], + "props": [ + { + "name": "label", + "value": "R19" + }, + { + "name": "sort-id", + "value": "r19" + } + ], + "parts": [] + } + ] + }, + { + "id": "r20", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r20", + "class": "CAC_IMPORT", + "title": "Compile Options For Kernel Security Functions", + "params": [], + "props": [ + { + "name": "label", + "value": "R20" + }, + { + "name": "sort-id", + "value": "r20" + } + ], + "parts": [] + } + ] + }, + { + "id": "r21", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r21", + "class": "CAC_IMPORT", + "title": "Compile Options For The Compiler Plugins", + "params": [], + "props": [ + { + "name": "label", + "value": "R21" + }, + { + "name": "sort-id", + "value": "r21" + } + ], + "parts": [] + } + ] + }, + { + "id": "r22", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r22", + "class": "CAC_IMPORT", + "title": "Compile Options For The Ip Stack", + "params": [], + "props": [ + { + "name": "label", + "value": "R22" + }, + { + "name": "sort-id", + "value": "r22" + } + ], + "parts": [] + } + ] + }, + { + "id": "r23", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r23", + "class": "CAC_IMPORT", + "title": "Compile Options For Various Kernel Behaviors", + "params": [], + "props": [ + { + "name": "label", + "value": "R23" + }, + { + "name": "sort-id", + "value": "r23" + } + ], + "parts": [] + } + ] + }, + { + "id": "r24", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r24", + "class": "CAC_IMPORT", + "title": "Compile Options For 32-Bit Architectures", + "params": [], + "props": [ + { + "name": "label", + "value": "R24" + }, + { + "name": "sort-id", + "value": "r24" + } + ], + "parts": [] + } + ] + }, + { + "id": "r25", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r25", + "class": "CAC_IMPORT", + "title": "Compile Options For X86_64 Architectures", + "params": [], + "props": [ + { + "name": "label", + "value": "R25" + }, + { + "name": "sort-id", + "value": "r25" + } + ], + "parts": [] + } + ] + }, + { + "id": "r26", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r26", + "class": "CAC_IMPORT", + "title": "Compile Options For Arm Architectures", + "params": [], + "props": [ + { + "name": "label", + "value": "R26" + }, + { + "name": "sort-id", + "value": "r26" + } + ], + "parts": [] + } + ] + }, + { + "id": "r27", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r27", + "class": "CAC_IMPORT", + "title": "Compile Options For Arm 64 Architectures", + "params": [], + "props": [ + { + "name": "label", + "value": "R27" + }, + { + "name": "sort-id", + "value": "r27" + } + ], + "parts": [] + } + ] + }, + { + "id": "r28", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r28", + "class": "CAC_IMPORT", + "title": "Partitioning Type", + "params": [], + "props": [ + { + "name": "label", + "value": "R28" + }, + { + "name": "sort-id", + "value": "r28" + } + ], + "parts": [] + } + ] + }, + { + "id": "r29", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r29", + "class": "CAC_IMPORT", + "title": "Access Restrictions On /Boot", + "params": [], + "props": [ + { + "name": "label", + "value": "R29" + }, + { + "name": "sort-id", + "value": "r29" + } + ], + "parts": [ + { + "id": "r29_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r30", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r30", + "class": "CAC_IMPORT", + "title": "Removal Of Unused User Accounts", + "params": [], + "props": [ + { + "name": "label", + "value": "R30" + }, + { + "name": "sort-id", + "value": "r30" + } + ], + "parts": [ + { + "id": "r30_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r31", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r31", + "class": "CAC_IMPORT", + "title": "User Password Strength", + "params": [], + "props": [ + { + "name": "label", + "value": "R31" + }, + { + "name": "sort-id", + "value": "r31" + } + ], + "parts": [] + } + ] + }, + { + "id": "r32", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r32", + "class": "CAC_IMPORT", + "title": "Configuring A Timeout On Local User Sessions", + "params": [], + "props": [ + { + "name": "label", + "value": "R32" + }, + { + "name": "sort-id", + "value": "r32" + } + ], + "parts": [ + { + "id": "r32_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r33", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r33", + "class": "CAC_IMPORT", + "title": "Use Of Dedicated Administration Accounts", + "params": [], + "props": [ + { + "name": "label", + "value": "R33" + }, + { + "name": "sort-id", + "value": "r33" + } + ], + "parts": [] + } + ] + }, + { + "id": "r34", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r34", + "class": "CAC_IMPORT", + "title": "Deactivation Of Service Accounts", + "params": [], + "props": [ + { + "name": "label", + "value": "R34" + }, + { + "name": "sort-id", + "value": "r34" + } + ], + "parts": [] + } + ] + }, + { + "id": "r35", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r35", + "class": "CAC_IMPORT", + "title": "Uniqueness And Exclusivity Of System Service Accounts", + "params": [], + "props": [ + { + "name": "label", + "value": "R35" + }, + { + "name": "sort-id", + "value": "r35" + } + ], + "parts": [ + { + "id": "r35_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r36", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r36", + "class": "CAC_IMPORT", + "title": "Changing The Default Value Of Umask", + "params": [], + "props": [ + { + "name": "label", + "value": "R36" + }, + { + "name": "sort-id", + "value": "r36" + } + ], + "parts": [ + { + "id": "r36_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r37", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r37", + "class": "CAC_IMPORT", + "title": "Using Access Control Features", + "params": [], + "props": [ + { + "name": "label", + "value": "R37" + }, + { + "name": "sort-id", + "value": "r37" + } + ], + "parts": [ + { + "id": "r37_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r38", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r38", + "class": "CAC_IMPORT", + "title": "Group Dedicated To The Use Of Sudo", + "params": [], + "props": [ + { + "name": "label", + "value": "R38" + }, + { + "name": "sort-id", + "value": "r38" + } + ], + "parts": [ + { + "id": "r38_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r39", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r39", + "class": "CAC_IMPORT", + "title": "Sudo Configuration Guidelines", + "params": [], + "props": [ + { + "name": "label", + "value": "R39" + }, + { + "name": "sort-id", + "value": "r39" + } + ], + "parts": [] + } + ] + }, + { + "id": "r40", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r40", + "class": "CAC_IMPORT", + "title": "Privileges Of Target Sudo Users", + "params": [], + "props": [ + { + "name": "label", + "value": "R40" + }, + { + "name": "sort-id", + "value": "r40" + } + ], + "parts": [ + { + "id": "r40_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r41", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r41", + "class": "CAC_IMPORT", + "title": "Limiting The Number Of Commands Requiring The Use Of The Exec Option", + "params": [], + "props": [ + { + "name": "label", + "value": "R41" + }, + { + "name": "sort-id", + "value": "r41" + } + ], + "parts": [ + { + "id": "r41_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r42", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r42", + "class": "CAC_IMPORT", + "title": "Good Use Of Negation In A Sudoers File", + "params": [], + "props": [ + { + "name": "label", + "value": "R42" + }, + { + "name": "sort-id", + "value": "r42" + } + ], + "parts": [ + { + "id": "r42_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r43", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r43", + "class": "CAC_IMPORT", + "title": "Explicit Arguments In Sudo Specifications", + "params": [], + "props": [ + { + "name": "label", + "value": "R43" + }, + { + "name": "sort-id", + "value": "r43" + } + ], + "parts": [] + } + ] + }, + { + "id": "r44", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r44", + "class": "CAC_IMPORT", + "title": "Editing Files With Sudo", + "params": [], + "props": [ + { + "name": "label", + "value": "R44" + }, + { + "name": "sort-id", + "value": "r44" + } + ], + "parts": [ + { + "id": "r44_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r45", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r45", + "class": "CAC_IMPORT", + "title": "Enable Apparmor Security Profiles", + "params": [], + "props": [ + { + "name": "label", + "value": "R45" + }, + { + "name": "sort-id", + "value": "r45" + } + ], + "parts": [ + { + "id": "r45_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r46", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r46", + "class": "CAC_IMPORT", + "title": "Activate Selinux With The Targeted Policy", + "params": [], + "props": [ + { + "name": "label", + "value": "R46" + }, + { + "name": "sort-id", + "value": "r46" + } + ], + "parts": [ + { + "id": "r46_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r47", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r47", + "class": "CAC_IMPORT", + "title": "Containment Of Unprivileged Interactive Users", + "params": [], + "props": [ + { + "name": "label", + "value": "R47" + }, + { + "name": "sort-id", + "value": "r47" + } + ], + "parts": [ + { + "id": "r47_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r48", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r48", + "class": "CAC_IMPORT", + "title": "Setting Selinux Booleans", + "params": [], + "props": [ + { + "name": "label", + "value": "R48" + }, + { + "name": "sort-id", + "value": "r48" + } + ], + "parts": [ + { + "id": "r48_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r49", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r49", + "class": "CAC_IMPORT", + "title": "Uninstalling Selinux Policy Debugging Tools", + "params": [], + "props": [ + { + "name": "label", + "value": "R49" + }, + { + "name": "sort-id", + "value": "r49" + } + ], + "parts": [ + { + "id": "r49_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r50", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r50", + "class": "CAC_IMPORT", + "title": "Rights To Access Sensitive Files And Directories", + "params": [], + "props": [ + { + "name": "label", + "value": "R50" + }, + { + "name": "sort-id", + "value": "r50" + } + ], + "parts": [] + } + ] + }, + { + "id": "r51", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r51", + "class": "CAC_IMPORT", + "title": "Sensitive And Trusted Files", + "params": [], + "props": [ + { + "name": "label", + "value": "R51" + }, + { + "name": "sort-id", + "value": "r51" + } + ], + "parts": [ + { + "id": "r51_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r52", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r52", + "class": "CAC_IMPORT", + "title": "Securing Access For Named Sockets And Pipes", + "params": [], + "props": [ + { + "name": "label", + "value": "R52" + }, + { + "name": "sort-id", + "value": "r52" + } + ], + "parts": [] + } + ] + }, + { + "id": "r53", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r53", + "class": "CAC_IMPORT", + "title": "Files Or Directories Without A Known User Or Group", + "params": [], + "props": [ + { + "name": "label", + "value": "R53" + }, + { + "name": "sort-id", + "value": "r53" + } + ], + "parts": [] + } + ] + }, + { + "id": "r54", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r54", + "class": "CAC_IMPORT", + "title": "Sticky Bit And Write Access Rights", + "params": [], + "props": [ + { + "name": "label", + "value": "R54" + }, + { + "name": "sort-id", + "value": "r54" + } + ], + "parts": [] + } + ] + }, + { + "id": "r55", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r55", + "class": "CAC_IMPORT", + "title": "Temporary Directories Dedicated To Accounts", + "params": [], + "props": [ + { + "name": "label", + "value": "R55" + }, + { + "name": "sort-id", + "value": "r55" + } + ], + "parts": [ + { + "id": "r55_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r56", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r56", + "class": "CAC_IMPORT", + "title": "Executables With Setuid And Setgid Bits", + "params": [], + "props": [ + { + "name": "label", + "value": "R56" + }, + { + "name": "sort-id", + "value": "r56" + } + ], + "parts": [] + } + ] + }, + { + "id": "r57", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r57", + "class": "CAC_IMPORT", + "title": "Executable With Special Rights Setuid Root And Setgid Root", + "params": [], + "props": [ + { + "name": "label", + "value": "R57" + }, + { + "name": "sort-id", + "value": "r57" + } + ], + "parts": [ + { + "id": "r57_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r58", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r58", + "class": "CAC_IMPORT", + "title": "Installation Of Packages Reduced To The Bare Necessities", + "params": [], + "props": [ + { + "name": "label", + "value": "R58" + }, + { + "name": "sort-id", + "value": "r58" + } + ], + "parts": [ + { + "id": "r58_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r59", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r59", + "class": "CAC_IMPORT", + "title": "Official Package Repositories", + "params": [], + "props": [ + { + "name": "label", + "value": "R59" + }, + { + "name": "sort-id", + "value": "r59" + } + ], + "parts": [ + { + "id": "r59_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r60", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r60", + "class": "CAC_IMPORT", + "title": "Hardened Package Repositories", + "params": [], + "props": [ + { + "name": "label", + "value": "R60" + }, + { + "name": "sort-id", + "value": "r60" + } + ], + "parts": [ + { + "id": "r60_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r61", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r61", + "class": "CAC_IMPORT", + "title": "Regular Updates", + "params": [], + "props": [ + { + "name": "label", + "value": "R61" + }, + { + "name": "sort-id", + "value": "r61" + } + ], + "parts": [] + } + ] + }, + { + "id": "r62", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r62", + "class": "CAC_IMPORT", + "title": "Minimization Of Installed Services", + "params": [], + "props": [ + { + "name": "label", + "value": "R62" + }, + { + "name": "sort-id", + "value": "r62" + } + ], + "parts": [ + { + "id": "r62_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r63", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r63", + "class": "CAC_IMPORT", + "title": "Minimization Of Services Configuration", + "params": [], + "props": [ + { + "name": "label", + "value": "R63" + }, + { + "name": "sort-id", + "value": "r63" + } + ], + "parts": [ + { + "id": "r63_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r64", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r64", + "class": "CAC_IMPORT", + "title": "Least Privilege For The Services", + "params": [], + "props": [ + { + "name": "label", + "value": "R64" + }, + { + "name": "sort-id", + "value": "r64" + } + ], + "parts": [ + { + "id": "r64_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r65", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r65", + "class": "CAC_IMPORT", + "title": "Services Partitioning", + "params": [], + "props": [ + { + "name": "label", + "value": "R65" + }, + { + "name": "sort-id", + "value": "r65" + } + ], + "parts": [] + } + ] + }, + { + "id": "r66", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r66", + "class": "CAC_IMPORT", + "title": "Virtualization Components Hardening", + "params": [], + "props": [ + { + "name": "label", + "value": "R66" + }, + { + "name": "sort-id", + "value": "r66" + } + ], + "parts": [ + { + "id": "r66_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r67", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r67", + "class": "CAC_IMPORT", + "title": "Secure Remote Authentication With Pam", + "params": [], + "props": [ + { + "name": "label", + "value": "R67" + }, + { + "name": "sort-id", + "value": "r67" + } + ], + "parts": [ + { + "id": "r67_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r68", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r68", + "class": "CAC_IMPORT", + "title": "Protecting Stored Passwords", + "params": [], + "props": [ + { + "name": "label", + "value": "R68" + }, + { + "name": "sort-id", + "value": "r68" + } + ], + "parts": [ + { + "id": "r68_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r69", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r69", + "class": "CAC_IMPORT", + "title": "Securing Access To Remote User Databases", + "params": [], + "props": [ + { + "name": "label", + "value": "R69" + }, + { + "name": "sort-id", + "value": "r69" + } + ], + "parts": [ + { + "id": "r69_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r70", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r70", + "class": "CAC_IMPORT", + "title": "Separation Of System Accounts And Directory Administrator", + "params": [], + "props": [ + { + "name": "label", + "value": "R70" + }, + { + "name": "sort-id", + "value": "r70" + } + ], + "parts": [] + } + ] + }, + { + "id": "r71", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r71", + "class": "CAC_IMPORT", + "title": "Implement A Logging System", + "params": [], + "props": [ + { + "name": "label", + "value": "R71" + }, + { + "name": "sort-id", + "value": "r71" + } + ], + "parts": [ + { + "id": "r71_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r72", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r72", + "class": "CAC_IMPORT", + "title": "Service Activity Logs", + "params": [], + "props": [ + { + "name": "label", + "value": "R72" + }, + { + "name": "sort-id", + "value": "r72" + } + ], + "parts": [ + { + "id": "r72_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r73", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r73", + "class": "CAC_IMPORT", + "title": "Logging Activity By Auditd", + "params": [], + "props": [ + { + "name": "label", + "value": "R73" + }, + { + "name": "sort-id", + "value": "r73" + } + ], + "parts": [ + { + "id": "r73_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r74", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r74", + "class": "CAC_IMPORT", + "title": "Configuring The Local Messaging Service", + "params": [], + "props": [ + { + "name": "label", + "value": "R74" + }, + { + "name": "sort-id", + "value": "r74" + } + ], + "parts": [] + } + ] + }, + { + "id": "r75", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r75", + "class": "CAC_IMPORT", + "title": "Messaging Aliases For Service Accounts", + "params": [], + "props": [ + { + "name": "label", + "value": "R75" + }, + { + "name": "sort-id", + "value": "r75" + } + ], + "parts": [] + } + ] + }, + { + "id": "r76", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r76", + "class": "CAC_IMPORT", + "title": "Sealing And Integrity Of Files", + "params": [], + "props": [ + { + "name": "label", + "value": "R76" + }, + { + "name": "sort-id", + "value": "r76" + } + ], + "parts": [ + { + "id": "r76_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r77", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r77", + "class": "CAC_IMPORT", + "title": "Protection Of The Seals Database", + "params": [], + "props": [ + { + "name": "label", + "value": "R77" + }, + { + "name": "sort-id", + "value": "r77" + } + ], + "parts": [ + { + "id": "r77_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r78", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r78", + "class": "CAC_IMPORT", + "title": "Network Services Partitioning", + "params": [], + "props": [ + { + "name": "label", + "value": "R78" + }, + { + "name": "sort-id", + "value": "r78" + } + ], + "parts": [ + { + "id": "r78_smt", + "name": "statement" + } + ] + } + ] + }, + { + "id": "r79", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r79", + "class": "CAC_IMPORT", + "title": "Hardening And Monitoring Of Exposed Services", + "params": [], + "props": [ + { + "name": "label", + "value": "R79" + }, + { + "name": "sort-id", + "value": "r79" + } + ], + "parts": [] + } + ] + }, + { + "id": "r80", + "title": "REPLACE_ME", + "controls": [ + { + "id": "r80", + "class": "CAC_IMPORT", + "title": "Minimization Of Network Services", + "params": [], + "props": [ + { + "name": "label", + "value": "R80" + }, + { + "name": "sort-id", + "value": "r80" + } + ], + "parts": [ + { + "id": "r80_smt", + "name": "statement" + } + ] + } + ] + } + ] + } +} \ No newline at end of file From d4d0394e31a9ff45c5a638d02b11d12d0e947570 Mon Sep 17 00:00:00 2001 From: jpower432 Date: Tue, 4 Mar 2025 16:38:54 +0000 Subject: [PATCH 2/3] Automatic updates from trestlebot! --- profiles/anssi-enhanced/profile.json | 86 ++++++++++++++++++ profiles/anssi-high/profile.json | 108 +++++++++++++++++++++++ profiles/anssi-intermediary/profile.json | 68 ++++++++++++++ profiles/anssi-minimal/profile.json | 39 ++++++++ 4 files changed, 301 insertions(+) create mode 100644 profiles/anssi-enhanced/profile.json create mode 100644 profiles/anssi-high/profile.json create mode 100644 profiles/anssi-intermediary/profile.json create mode 100644 profiles/anssi-minimal/profile.json diff --git a/profiles/anssi-enhanced/profile.json b/profiles/anssi-enhanced/profile.json new file mode 100644 index 000000000..e6907b7fc --- /dev/null +++ b/profiles/anssi-enhanced/profile.json @@ -0,0 +1,86 @@ +{ + "profile": { + "uuid": "5a556404-8af8-4458-a19a-13213e80f89c", + "metadata": { + "title": "anssi-enhanced", + "last-modified": "2025-03-04T16:38:54.660787+00:00", + "version": "REPLACE_ME", + "oscal-version": "1.1.2" + }, + "imports": [ + { + "href": "trestle:///__w/oscal-content/oscal-content/complytime-content/catalogs/anssi/catalog.json", + "include-controls": [ + { + "with-ids": [ + "r1", + "r10", + "r11", + "r12", + "r13", + "r14", + "r2", + "r28", + "r29", + "r3", + "r30", + "r31", + "r32", + "r33", + "r34", + "r35", + "r36", + "r37", + "r38", + "r39", + "r40", + "r41", + "r42", + "r43", + "r44", + "r45", + "r5", + "r50", + "r51", + "r52", + "r53", + "r54", + "r55", + "r56", + "r57", + "r58", + "r59", + "r60", + "r61", + "r62", + "r63", + "r64", + "r65", + "r67", + "r68", + "r69", + "r7", + "r70", + "r71", + "r72", + "r73", + "r74", + "r75", + "r78", + "r79", + "r8", + "r80", + "r9" + ] + } + ] + } + ], + "merge": { + "combine": { + "method": "merge" + }, + "as-is": true + } + } +} \ No newline at end of file diff --git a/profiles/anssi-high/profile.json b/profiles/anssi-high/profile.json new file mode 100644 index 000000000..01948fcb0 --- /dev/null +++ b/profiles/anssi-high/profile.json @@ -0,0 +1,108 @@ +{ + "profile": { + "uuid": "974a82a7-ed3a-4cca-b771-19c798e24d98", + "metadata": { + "title": "anssi-high", + "last-modified": "2025-03-04T16:38:54.663006+00:00", + "version": "REPLACE_ME", + "oscal-version": "1.1.2" + }, + "imports": [ + { + "href": "trestle:///__w/oscal-content/oscal-content/complytime-content/catalogs/anssi/catalog.json", + "include-controls": [ + { + "with-ids": [ + "r1", + "r10", + "r11", + "r12", + "r13", + "r14", + "r15", + "r16", + "r17", + "r18", + "r19", + "r2", + "r20", + "r21", + "r22", + "r23", + "r24", + "r25", + "r26", + "r27", + "r28", + "r29", + "r3", + "r30", + "r31", + "r32", + "r33", + "r34", + "r35", + "r36", + "r37", + "r38", + "r39", + "r4", + "r40", + "r41", + "r42", + "r43", + "r44", + "r45", + "r46", + "r47", + "r48", + "r49", + "r5", + "r50", + "r51", + "r52", + "r53", + "r54", + "r55", + "r56", + "r57", + "r58", + "r59", + "r6", + "r60", + "r61", + "r62", + "r63", + "r64", + "r65", + "r66", + "r67", + "r68", + "r69", + "r7", + "r70", + "r71", + "r72", + "r73", + "r74", + "r75", + "r76", + "r77", + "r78", + "r79", + "r8", + "r80", + "r9" + ] + } + ] + } + ], + "merge": { + "combine": { + "method": "merge" + }, + "as-is": true + } + } +} \ No newline at end of file diff --git a/profiles/anssi-intermediary/profile.json b/profiles/anssi-intermediary/profile.json new file mode 100644 index 000000000..d7621dc94 --- /dev/null +++ b/profiles/anssi-intermediary/profile.json @@ -0,0 +1,68 @@ +{ + "profile": { + "uuid": "ff63c971-0268-4236-98eb-2ff4c35c34ef", + "metadata": { + "title": "anssi-intermediary", + "last-modified": "2025-03-04T16:38:54.665522+00:00", + "version": "REPLACE_ME", + "oscal-version": "1.1.2" + }, + "imports": [ + { + "href": "trestle:///__w/oscal-content/oscal-content/complytime-content/catalogs/anssi/catalog.json", + "include-controls": [ + { + "with-ids": [ + "r11", + "r12", + "r13", + "r14", + "r2", + "r28", + "r3", + "r30", + "r31", + "r32", + "r33", + "r34", + "r35", + "r39", + "r40", + "r42", + "r43", + "r44", + "r5", + "r50", + "r52", + "r53", + "r54", + "r55", + "r56", + "r58", + "r59", + "r61", + "r62", + "r63", + "r67", + "r68", + "r69", + "r70", + "r74", + "r75", + "r79", + "r8", + "r80", + "r9" + ] + } + ] + } + ], + "merge": { + "combine": { + "method": "merge" + }, + "as-is": true + } + } +} \ No newline at end of file diff --git a/profiles/anssi-minimal/profile.json b/profiles/anssi-minimal/profile.json new file mode 100644 index 000000000..b6672be6e --- /dev/null +++ b/profiles/anssi-minimal/profile.json @@ -0,0 +1,39 @@ +{ + "profile": { + "uuid": "97faa780-dbc1-4402-a105-a214248b4b5e", + "metadata": { + "title": "anssi-minimal", + "last-modified": "2025-03-04T16:38:54.664256+00:00", + "version": "REPLACE_ME", + "oscal-version": "1.1.2" + }, + "imports": [ + { + "href": "trestle:///__w/oscal-content/oscal-content/complytime-content/catalogs/anssi/catalog.json", + "include-controls": [ + { + "with-ids": [ + "r30", + "r31", + "r53", + "r54", + "r56", + "r58", + "r59", + "r61", + "r62", + "r68", + "r80" + ] + } + ] + } + ], + "merge": { + "combine": { + "method": "merge" + }, + "as-is": true + } + } +} \ No newline at end of file From 13c96b705fb5c3b183875becd7a87a0a713ddd72 Mon Sep 17 00:00:00 2001 From: jpower432 Date: Tue, 4 Mar 2025 16:42:23 +0000 Subject: [PATCH 3/3] Automatic updates from trestlebot! --- .../rhel9/component-definition.json | 19016 ++++++++++++++++ 1 file changed, 19016 insertions(+) create mode 100644 component-definitions/rhel9/component-definition.json diff --git a/component-definitions/rhel9/component-definition.json b/component-definitions/rhel9/component-definition.json new file mode 100644 index 000000000..f4d650497 --- /dev/null +++ b/component-definitions/rhel9/component-definition.json @@ -0,0 +1,19016 @@ +{ + "component-definition": { + "uuid": "d788e2be-7b66-4fcb-9672-ad1e910e3cc2", + "metadata": { + "title": "Component definition for rhel9", + "last-modified": "2025-03-04T16:42:23.323777+00:00", + "version": "1.0", + "oscal-version": "1.1.2" + }, + "components": [ + { + "uuid": "55b15c60-2954-4b5c-a5eb-c73b5a8b4be0", + "type": "software", + "title": "rhel9", + "description": "Red Hat Enterprise Linux 9", + "props": [ + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "enable_authselect", + "remarks": "rule_set_00" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Enable authselect", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_00" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_00" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_set_max_life_root", + "remarks": "rule_set_01" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Root Account Password Maximum Age", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_01" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_01" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_minlen", + "remarks": "rule_set_02" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Minimum Length", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_02" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_02" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_minlen", + "remarks": "rule_set_03" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Password Minimum Length", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_03" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_03" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_minlen_login_defs", + "remarks": "rule_set_04" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Password Minimum Length in login.defs", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_04" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_04" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_ocredit", + "remarks": "rule_set_05" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Minimum Special Characters", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_05" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_05" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_ocredit", + "remarks": "rule_set_06" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Password Strength Minimum Special Characters", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_06" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_06" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_dcredit", + "remarks": "rule_set_07" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Password Strength Minimum Digit Characters", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_07" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_07" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_dcredit", + "remarks": "rule_set_08" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Minimum Digit Characters", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_08" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_08" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_ucredit", + "remarks": "rule_set_09" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_09" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_09" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_ucredit", + "remarks": "rule_set_10" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Password Strength Minimum Uppercase Characters", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_10" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_10" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_lcredit", + "remarks": "rule_set_11" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Password Strength Minimum Lowercase Characters", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_11" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_11" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_lcredit", + "remarks": "rule_set_12" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_12" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_12" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_interval", + "remarks": "rule_set_13" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Interval For Counting Failed Password Attempts", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_13" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_13" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_14" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Lock Accounts After Failed Password Attempts", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_14" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_14" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_deny_root", + "remarks": "rule_set_15" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Configure the root Account for Failed Password Attempts", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_15" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_15" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_tally2_deny_root", + "remarks": "rule_set_16" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Configure the root Account lock for Failed Password Attempts via pam_tally2", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_16" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_16" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_tally2", + "remarks": "rule_set_17" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Deny For Failed Password Attempts", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_17" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_17" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_18" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Lockout Time for Failed Password Attempts using pam_tally2", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_18" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_18" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_19" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set Lockout Time for Failed Password Attempts", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_19" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_19" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_unix_remember", + "remarks": "rule_set_20" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Limit Password Reuse", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_20" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_20" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_ungroupowned", + "remarks": "rule_set_21" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure All Files Are Owned by a Group", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_21" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_21" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "no_files_unowned_by_user", + "remarks": "rule_set_22" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure All Files Are Owned by a User", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_22" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_22" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dir_perms_world_writable_sticky_bits", + "remarks": "rule_set_23" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Verify that All World-Writable Directories Have Sticky Bits Set", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_23" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_23" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dir_perms_world_writable_root_owned", + "remarks": "rule_set_24" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure All World-Writable Directories Are Owned by root User", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_24" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_24" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_unauthorized_world_writable", + "remarks": "rule_set_25" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure No World-Writable Files Exist", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_25" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_25" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_unauthorized_suid", + "remarks": "rule_set_26" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure All SUID Executables Are Authorized", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_26" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_26" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_unauthorized_sgid", + "remarks": "rule_set_27" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure All SGID Executables Are Authorized", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_27" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_27" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_gpgcheck_never_disabled", + "remarks": "rule_set_28" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure gpgcheck Enabled for All dnf Package Repositories", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_28" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_28" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_gpgcheck_globally_activated", + "remarks": "rule_set_29" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure gpgcheck Enabled In Main dnf Configuration", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_29" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_29" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_gpgcheck_local_packages", + "remarks": "rule_set_30" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure gpgcheck Enabled for Local Packages", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_30" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_30" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_redhat_gpgkey_installed", + "remarks": "rule_set_31" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure Red Hat GPG Key Installed", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_31" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_31" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_oracle_gpgkey_installed", + "remarks": "rule_set_32" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure Oracle Linux GPG Key Installed", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_32" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_32" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_almalinux_gpgkey_installed", + "remarks": "rule_set_33" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure AlmaLinux GPG Key Installed", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_33" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_33" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "security_patches_up_to_date", + "remarks": "rule_set_34" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure Software Patches Installed", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_34" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_34" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_dnf-automatic_installed", + "remarks": "rule_set_35" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Install dnf-automatic Package", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_35" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_35" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "timer_dnf-automatic_enabled", + "remarks": "rule_set_36" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Enable dnf-automatic Timer", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_36" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_36" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dnf-automatic_apply_updates", + "remarks": "rule_set_37" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Configure dnf-automatic to Install Available Updates Automatically", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_37" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_37" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dnf-automatic_security_updates_only", + "remarks": "rule_set_38" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Configure dnf-automatic to Install Only Security Updates", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_38" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_38" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_dhcp_removed", + "remarks": "rule_set_39" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall DHCP Server Package", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_39" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_39" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_kea_removed", + "remarks": "rule_set_40" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall kea Package", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_40" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_40" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_rsh_removed", + "remarks": "rule_set_41" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall rsh Package", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_41" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_41" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_rsh-server_removed", + "remarks": "rule_set_042" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall rsh-server Package", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_042" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_042" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_sendmail_removed", + "remarks": "rule_set_043" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall Sendmail Package", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_043" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_043" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_talk_removed", + "remarks": "rule_set_044" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall talk Package", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_044" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_044" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_talk-server_removed", + "remarks": "rule_set_045" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall talk-server Package", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_045" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_045" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_telnet_removed", + "remarks": "rule_set_046" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Remove telnet Clients", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_046" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_046" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_telnet-server_removed", + "remarks": "rule_set_047" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall telnet-server Package", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_047" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_047" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_tftp_removed", + "remarks": "rule_set_048" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Remove tftp Daemon", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_048" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_048" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_tftp-server_removed", + "remarks": "rule_set_049" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall tftp-server Package", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_049" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_049" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_xinetd_removed", + "remarks": "rule_set_050" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall xinetd Package", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_050" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_050" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_ypbind_removed", + "remarks": "rule_set_051" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Remove NIS Client", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_051" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_051" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_ypserv_removed", + "remarks": "rule_set_052" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Uninstall ypserv Package", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_052" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_052" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "set_password_hashing_algorithm_systemauth", + "remarks": "rule_set_053" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set PAM''s Password Hashing Algorithm", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_053" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_053" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_unix_rounds_system_auth", + "remarks": "rule_set_054" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set number of Password Hashing Rounds - system-auth", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_054" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_054" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_unix_rounds_password_auth", + "remarks": "rule_set_055" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Set number of Password Hashing Rounds - password-auth", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_055" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_055" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_minclass", + "remarks": "rule_set_056" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Minimum Different Categories", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_056" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_056" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_retry", + "remarks": "rule_set_057" + }, + { + "name": "Rule_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_maximum_age_root", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Maximum age of password in days for the root account", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{365: 365, 'default': 99999}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_password_minlen_login_defs", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 8: 8, 'default': 15}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_deny", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts before account lockout", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 3: 3, 4: 4, 5: 5, 6: 6, 8: 8, 'default': 3}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_fail_interval", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Interval for counting failed login attempts before account lockout", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{100000000: 100000000, 1800: 1800, 3600: 3600, 86400: 86400, 900: 900, 'default': 900}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_faillock_unlock_time", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 300: 300, 'default': 0, 'never': 0}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_accounts_passwords_pam_tally2_unlock_time", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Seconds before automatic unlocking or permanently locking after excessive failed logins", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1800: 1800, 3600: 3600, 600: 600, 604800: 604800, 86400: 86400, 900: 900, 'default': 0, 'never': 0}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the value set as ENCRYPT_METHOD in /etc/login.defs.", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'SHA512', 'SHA512': 'SHA512', 'SHA256': 'SHA256', 'yescrypt': 'YESCRYPT', 'cis_ubuntu2404': 'SHA512|YESCRYPT'}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_hashing_algorithm_pam", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the system default encryption algorithm for encrypting passwords. Defines the hashing algorithm to be used in pam_unix.so.", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 'sha512', 'sha512': 'sha512', 'yescrypt': 'yescrypt'}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_dcredit", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of digits in password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_lcredit", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of lower case in password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minclass", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of categories of characters that must exist in a password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 'default': 3}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_minlen", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of characters in password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{10: 10, 12: 12, 14: 14, 15: 15, 17: 17, 18: 18, 20: 20, 6: 6, 7: 7, 8: 8, 'default': 15}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ocredit", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of other (special characters) in password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_tally2", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Number of failed login attempts", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{1: 1, 2: 2, 3: 3, 4: 4, 5: 5, 10: 10, 'default': 3}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_ucredit", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Minimum number of upper case in password", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 1: -1, 2: -2, 'default': -1}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_remember", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "The last n passwords for each user are saved in /etc/security/opasswd in order to force password change history and keep the user from alternating between the same password too frequently.", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'0': '0', 10: 10, 24: 24, 2: 2, 4: 4, 5: 5, 'default': 5}", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "var_password_pam_unix_rounds", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Description", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "Specify the number of rounds for the system password encryption algorithm. Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth", + "remarks": "rule_set_057" + }, + { + "name": "Parameter_Value_Alternatives", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "{'default': 5000, 5000: 5000, 65536: 65536, 100000: 100000, 11: 11, 5: 5}", + "remarks": "rule_set_057" + } + ], + "control-implementations": [ + { + "uuid": "5b09f7e8-f53d-47b8-b81c-39bc6b02970e", + "source": "trestle://profiles/anssi-minimal/profile.json", + "description": "REPLACE_ME", + "props": [ + { + "name": "Framework_Short_Name", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal", + "value": "anssi_bp28_minimal" + } + ], + "set-parameters": [ + { + "param-id": "var_accounts_maximum_age_root", + "values": [ + "365" + ] + }, + { + "param-id": "var_accounts_password_minlen_login_defs", + "values": [ + "15" + ] + }, + { + "param-id": "var_accounts_passwords_pam_faillock_deny", + "values": [ + "3" + ] + }, + { + "param-id": "var_accounts_passwords_pam_faillock_fail_interval", + "values": [ + "900" + ] + }, + { + "param-id": "var_accounts_passwords_pam_faillock_unlock_time", + "values": [ + "900" + ] + }, + { + "param-id": "var_accounts_passwords_pam_tally2_unlock_time", + "values": [ + "1800" + ] + }, + { + "param-id": "var_password_hashing_algorithm", + "values": [ + "SHA512" + ] + }, + { + "param-id": "var_password_hashing_algorithm_pam", + "values": [ + "sha512" + ] + }, + { + "param-id": "var_password_pam_dcredit", + "values": [ + "1" + ] + }, + { + "param-id": "var_password_pam_lcredit", + "values": [ + "1" + ] + }, + { + "param-id": "var_password_pam_minclass", + "values": [ + "4" + ] + }, + { + "param-id": "var_password_pam_minlen", + "values": [ + "15" + ] + }, + { + "param-id": "var_password_pam_ocredit", + "values": [ + "1" + ] + }, + { + "param-id": "var_password_pam_tally2", + "values": [ + "5" + ] + }, + { + "param-id": "var_password_pam_ucredit", + "values": [ + "1" + ] + }, + { + "param-id": "var_password_pam_unix_remember", + "values": [ + "2" + ] + }, + { + "param-id": "var_password_pam_unix_rounds", + "values": [ + "65536" + ] + } + ], + "implemented-requirements": [ + { + "uuid": "06f7ef45-eac5-4dac-ab69-96d9d502d7b7", + "control-id": "r30", + "description": "REPLACE_ME", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "alternative", + "remarks": "The definition of unused user accounts is broad. It can include accounts whose owners don't use the system anymore, or users created by services or applications that should not be used. Automation by itself cannot discern which accounts are used or not." + } + ] + }, + { + "uuid": "2b46b0ca-c6d7-4796-854d-a3024638eb17", + "control-id": "r31", + "description": "The rules selected below establish a general password strength baseline of 100 bits, based on the recommendations of the technical note \"Recommandations relatives à l'authentification multifacteur et aux mots de passe\" (https://cyber.gouv.fr/publications/recommandations-relatives-lauthentification-multifacteur-et-aux-mots-de-passe)\nThe baseline should be reviewed and tailored to the system's use case and needs.", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "enable_authselect" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_set_max_life_root" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_minlen" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_minlen" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_minlen_login_defs" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_ocredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_ocredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_dcredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_dcredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_ucredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_ucredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "cracklib_accounts_password_pam_lcredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_lcredit" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_interval" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_deny" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_deny_root" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_tally2_deny_root" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_tally2" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_tally2_unlock_time" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_passwords_pam_faillock_unlock_time" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_unix_remember" + } + ] + }, + { + "uuid": "f5680131-1cf1-4533-a86e-1942eeb3518a", + "control-id": "r53", + "description": "REPLACE_ME", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_ungroupowned" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "no_files_unowned_by_user" + } + ] + }, + { + "uuid": "61fd32d0-3e6d-4355-bbfe-b9beb68357de", + "control-id": "r54", + "description": "REPLACE_ME", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dir_perms_world_writable_sticky_bits" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dir_perms_world_writable_root_owned" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_unauthorized_world_writable" + } + ] + }, + { + "uuid": "0393444d-aca7-4834-a260-c815ddde8f78", + "control-id": "r56", + "description": "Only programs specifically designed to be used with setuid or setgid bits can have these privilege bits set. This requirement considers apropriate for setuid and setgid bits the binaries that are installed from recognized and authorized repositories (covered in R15). The remediation resets the sticky bit to intended value by vendor/developer, any finding after remediation should be reviewed.", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_unauthorized_suid" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "file_permissions_unauthorized_sgid" + } + ] + }, + { + "uuid": "d33ed740-7e8d-4ac6-a01f-b264bb3f1cc3", + "control-id": "r58", + "description": "REPLACE_ME", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "alternative", + "remarks": "It is not possible to automatically decide in general way if a package is required or not for given system. As a future improvement, there could be rules assisting assessment by listing the installed packages." + } + ] + }, + { + "uuid": "6db3f83d-fa7e-457b-80ca-7ef727b0844a", + "control-id": "r59", + "description": "It is not trivial to distinguish an official repository from an unofficial one. We cannot draw conclusions from the repo name or URL of the repo (as they can be arbitrary or behind a proxy). One approach to check the origin of installed packages is to check the signature of the packages. If the public key of a repository is not installed, the repo is not trusted.", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_gpgcheck_never_disabled" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_gpgcheck_globally_activated" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_gpgcheck_local_packages" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_redhat_gpgkey_installed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_oracle_gpgkey_installed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "ensure_almalinux_gpgkey_installed" + } + ] + }, + { + "uuid": "91405a49-baa9-4750-a639-c1cdf925b39c", + "control-id": "r61", + "description": "Check the vendor CVE feed and configure automatic install of security related updates.", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "security_patches_up_to_date" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_dnf-automatic_installed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "timer_dnf-automatic_enabled" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dnf-automatic_apply_updates" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "dnf-automatic_security_updates_only" + } + ] + }, + { + "uuid": "0caf7781-1838-4f80-8253-43b0edf6ef3f", + "control-id": "r62", + "description": "REPLACE_ME", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "alternative", + "remarks": "Performing a minimal install is a good starting point, but doesn't provide any assurance over any package installed later. Manual review is required to assess if the installed services are minimal. In general, use of obsolete or insecure services is not recommended and we remove some of these in this recommendation." + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_dhcp_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_kea_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_rsh_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_rsh-server_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_sendmail_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_talk_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_talk-server_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_telnet_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_telnet-server_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_tftp_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_tftp-server_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_xinetd_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_ypbind_removed" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "package_ypserv_removed" + } + ] + }, + { + "uuid": "20cad1fb-3070-426f-8a6d-226d8a5a7a27", + "control-id": "r68", + "description": "The selection of rules doesn't cover the use of hardware devices to protect the passwords.", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "implemented" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "set_password_hashing_algorithm_systemauth" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_unix_rounds_system_auth" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_unix_rounds_password_auth" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_minclass" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_minlen" + }, + { + "name": "Rule_Id", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "accounts_password_pam_retry" + } + ] + }, + { + "uuid": "bd34d8d3-f0a3-4ee9-8bf1-846678cb26de", + "control-id": "r80", + "description": "REPLACE_ME", + "props": [ + { + "name": "implementation-status", + "ns": "https://oscal-compass.github.io/compliance-trestle/schemas/oscal/cd", + "value": "alternative", + "remarks": "Manual review is necessary to decide if the list of resident daemons is minimal. Assisting rules could be created to list sevices listening on the network for manual review." + } + ] + } + ] + } + ] + } + ] + } +} \ No newline at end of file