Nutanix OS must enforce a minimum 15-character password length.

The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. Using more characters in a password helps to exponentially increase the time and/or resources required to compromise the password.

Verify Nutanix OS is configured to enforce a minimum 15-character password length using the following command. $ sudo grep minlen /etc/security/pwquality.conf minlen = 15 If the command does not return a "minlen" value of 15 or greater, this is a finding.

Configure Nutanix OS to use complex password. 1. For AOS, enter the following command. $ sudo salt-call state.sls security/CVM/pamCVM.sls 2. For Prism Central, enter the following command. $ sudo salt-call state.sls security/PCVM/pamPCVM.sls 3. For Files, enter the following command. $ sudo salt-call state.sls security/AFS/pamAFS.sls 4. For AHV OS CVM, enter the following command. $ ncli cluster edit-hypervisor-security-params enable-high-strength-password=true