Details

This checks all new passwords to ensure that they contain at least one base 10 digit (0 through 9).

Rationale:

This is one of several settings that, when taken together, ensure that passwords are sufficiently complex as to thwart brute force and dictionary attacks.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity
Set Minimum Numeric Letters to greater than or equal to 1

Default Value:

Not enabled.

References:

‘PAN-OS Administrator’s Guide 9.0 (English) – Best Practices for Securing Administrative Access’ – https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/getting-started/best-practices-for-securing-administrative-access.html

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/2692

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Palo_Alto.

References

• 800-53|IA-5
• CSCv6|5
• CSCv6|5.3
• CSCv6|5.7
• CSCv6|16.12
• CSCv7|4.2
• CSCv7|16

Source

• Tenable.com/audits