For local accounts using password authentication (i.e., the root account and the account of last resort), the Juniper SRX Services Gateway must enforce password complexity by setting the password change type to character sets.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-223218	SRG-APP-000166-NDM-000254	JUSX-DM-000129	SV-223218r1015753_rule	2024-12-20	3

Description
Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The password change-type command specifies whether a minimum number of character-sets or a minimum number of character-set transitions are enforced. The DOD requires this setting be set to character-sets.

Description

Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. The password change-type command specifies whether a minimum number of character-sets or a minimum number of character-set transitions are enforced. The DOD requires this setting be set to character-sets.

ℹ️ Check
Verify the default local password enforces password complexity by setting the password change type to character sets. [edit] show system login password If the password change-type is not set to character-sets, this is a finding.

✔️ Fix
Configure the default local password to enforce password complexity by setting the password change type to character sets. [edit] set system login password change-type character-sets