Fly Server must enforce a minimum 15-character password length.

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
mediumV-283929SRG-APP-000164FLYS-00-000065SV-283929r1206891_rule2026-06-151

Description

The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Use of more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.

ℹ️ Check

Fly Server must be integrated with Active Directory (AD) and Azure AD (AAD) for automated account management. Check the Fly Server Account Manager setting to verify AD Integration or AAD Integration is enabled: - Log on to Fly Server with an admin account. - On the Management >> Account Manager page, click "Authentication Manager". - Navigate to AD Integration or AAD Integration. - Verify the AD Integration or AAD Integration option is enabled. If the AD Integration or AAD Integration option is not enabled, this is a finding.

✔️ Fix

Configure the Fly Server Account Manager setting to ensure AD Integration or AAD Integration is enabled: - Log on to Fly Server with an admin account. - On the Management >> Account Manager page, click "Authentication Manager". - Navigate to AD Integration or AAD Integration. - Set the Action of AD Integration or AAD Integration to "Enable". - Add an AD domain after AD integration is enabled. - Save the setting. Add AD user/group or AAD user/group to Account Manager; realize automated mechanisms through AD or AAD account management functions.