Infoblox systems must enforce current DoD password restrictions.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-233883 | SRG-APP-000516-DNS-000500 | IDNS-8X-400025 | SV-233883r961863_rule | 2025-03-11 | 1 |
| Description |
|---|
| The Infoblox systems must be configured to meet current DoD password policy when using the Infoblox Local User Database as the authentication source. |
| ℹ️ Check |
|---|
| 1. Navigate to Administration >> Administrators >> Authentication Policy. 2. If the only authentication type under "Authenticate users in this order" is "Local User Database", perform the following additional validation: 3. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration. 4. Select the "Password" tab. 5. Verify the settings are configured in accordance with current DoD Policy. If the Infoblox system is configured to use a remote authentication system (Active Directory, RADIUS, TACACS+, or LDAP) that enforces password policy, or the password settings meet current guidance, this is not a finding. |
| ✔️ Fix |
|---|
| 1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration. 2. Select the "Password" tab. 3. Configure the system with appropriate values for password length, complexity, and expiration requirements. |