Password complexity and minimum length enforcement

Use password complexity to help meet the requirements of IEEE 1686-2013 or NERC CIP-007-5.

Overview

Password complexity and minimum length settings help secure user access and support compliance with cybersecurity standards. These configurable options help to ensure that new or updated passwords meet defined criteria that align with best practices.

Standards compliance

Password complexity enforcement helps support compliance with:

• IEEE 1686-2013: Specifies cybersecurity capabilities for Intelligent Electronic Devices (IEDs), including strong user authentication.

• NERC CIP-007-5: Requires secure password practices as part of its system security management framework for critical infrastructure.

Note: While both standards recommend a minimum password length of 8 characters, ION devices allow a minimum of 6 characters when using IEEE 1686-2013 or NERC CIP-007-5.

Customizable minimum password length

Administrators can define the minimum number of characters required for new user passwords. This setting helps ensure that new passwords meet a minimum level of complexity, reducing the risk of unauthorized access.

Enforcement scope

Password complexity and length requirements apply only to newly created or updated passwords. Existing passwords remain valid until they are changed.