From f68c57c246cf5001aa45deac41c9a1769e0b93ed Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 26 Sep 2024 16:51:41 +0200
Subject: [PATCH] update password length requirements for ism_o secret and top
 secret levels

---
 controls/ism_o.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/controls/ism_o.yml b/controls/ism_o.yml
index 995e2b3304a..d7ff460aade 100644
--- a/controls/ism_o.yml
+++ b/controls/ism_o.yml
@@ -62,6 +62,7 @@ controls:
             - sshd_max_auth_tries_value=5
             - sssd_enable_smartcards
             - var_password_pam_minlen=14
+            - var_accounts_password_minlen_login_defs=14
             - var_accounts_password_warn_age_login_defs=7
             - var_accounts_minimum_age_login_defs=1
             - var_accounts_maximum_age_login_defs=60
@@ -94,6 +95,8 @@ controls:
             - sshd_disable_kerb_auth
             - sshd_set_max_auth_tries
             - sssd_enable_smartcards
+            - var_password_pam_minlen=20
+            - var_accounts_password_minlen_login_defs=20
         status: automated
     -   id: '0484'
         title: 'SSH daemon configuration'
@@ -607,6 +610,8 @@ use of device access control software or by disabling external communication int
             - sshd_disable_kerb_auth
             - sshd_set_max_auth_tries
             - sssd_enable_smartcards
+            - var_password_pam_minlen=17
+            - var_accounts_password_minlen_login_defs=17
         status: partial
 
     -   id: '1558'