Documentation for Open Vulnerability and Assessment Language (OVAL®)
Definition Type: Element
Name: passwordpolicy_item
Namespace: http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows
Type: oval-sc:ItemType
Containing Schema: windows-system-characteristics-schema.xsd
Abstract
Documentation:
Specific policy items associated with passwords. Information is stored in the SAM or Active Directory but is encrypted or hidden so the registry_item and activedirectory_item are of no use. If this can be figured out, then the password_policy item is not needed.
Collapse XSD Schema Diagram:
Drilldown into reversible_encryption in schema windows-system-characteristics-schema_xsd Drilldown into password_complexity in schema windows-system-characteristics-schema_xsd Drilldown into password_hist_len in schema windows-system-characteristics-schema_xsd Drilldown into min_passwd_len in schema windows-system-characteristics-schema_xsd Drilldown into min_passwd_age in schema windows-system-characteristics-schema_xsd Drilldown into max_passwd_age in schema windows-system-characteristics-schema_xsd Drilldown into message in schema oval-system-characteristics-schema_xsd Drilldown into status in schema oval-system-characteristics-schema_xsd Drilldown into id in schema oval-system-characteristics-schema_xsd Drilldown into ItemType in schema oval-system-characteristics-schema_xsdXSD Diagram of passwordpolicy_item in schema windows-system-characteristics-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))
Collapse XSD Schema Code: 
<xsd:element name="passwordpolicy_item" substitutionGroup="oval-sc:item">
    <xsd:annotation>
        <xsd:documentation>Specific policy items associated with passwords. Information is stored in the SAM or Active Directory but is encrypted or hidden so the registry_item and activedirectory_item are of no use. If this can be figured out, then the password_policy item is not needed.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-sc:ItemType">
                <xsd:sequence>
                    <xsd:element name="max_passwd_age" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>Specifies, in seconds, the maximum allowable password age. A value of TIMEQ_FOREVER (-1) indicates that the password never expires. The minimum valid value for this element is ONE_DAY (86400).</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="ppitemmax_passwd_age" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-sc:passwordpolicy_item/win-sc:max_passwd_age">
                                        <sch:assert test="@datatype='int'">item <sch:value-of select="../@id" /> - datatype attribute for the max_passwd_age entity of a passwordpolicy_item should be 'int'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="min_passwd_age" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again. A value of zero indicates that no delay is required between password updates.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="ppitemmin_passwd_age" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-sc:passwordpolicy_item/win-sc:min_passwd_age">
                                        <sch:assert test="@datatype='int'">item <sch:value-of select="../@id" /> - datatype attribute for the min_passwd_age entity of a passwordpolicy_item should be 'int'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="min_passwd_len" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>Specifies the minimum allowable password length. Valid values for this element are zero through PWLEN.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="ppitemmin_passwd_len" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-sc:passwordpolicy_item/win-sc:min_passwd_len">
                                        <sch:assert test="@datatype='int'">item <sch:value-of select="../@id" /> - datatype attribute for the min_passwd_len entity of a passwordpolicy_item should be 'int'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="password_hist_len" type="oval-sc:EntityItemIntType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>Specifies the length of password history maintained. A new password cannot match any of the previous usrmod0_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="ppitempassword_hist_len" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-sc:passwordpolicy_item/win-sc:password_hist_len">
                                        <sch:assert test="@datatype='int'">item <sch:value-of select="../@id" /> - datatype attribute for the password_hist_len entity of a passwordpolicy_item should be 'int'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="password_complexity" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>A boolean value that signifies whether passwords must meet the complexity requirements put forth by the operating system.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="ppitempassword_complexity" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-sc:passwordpolicy_item/win-sc:password_complexity">
                                        <sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id" /> - datatype attribute for the password_complexity entity of a passwordpolicy_item should be 'boolean'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="reversible_encryption" type="oval-sc:EntityItemBoolType" minOccurs="0" maxOccurs="1">
                        <xsd:annotation>
                            <xsd:documentation>Determines whether Windows 2000 Server, Windows 2000 Professional, and Windows XP Professional store passwords using reversible encryption.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="ppitemreversible_encryption" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-sc:passwordpolicy_item/win-sc:reversible_encryption">
                                        <sch:assert test="@datatype='boolean'">item <sch:value-of select="../@id" /> - datatype attribute for the reversible_encryption entity of a passwordpolicy_item should be 'boolean'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
Collapse Child Elements:
Name Type Min Occurs Max Occurs
message oval-sc:message 0 1
max_passwd_age win-sc:max_passwd_age 0 1
min_passwd_age win-sc:min_passwd_age 0 1
min_passwd_len win-sc:min_passwd_len 0 1
password_hist_len win-sc:password_hist_len 0 1
password_complexity win-sc:password_complexity 0 1
reversible_encryption win-sc:reversible_encryption 0 1
Collapse Child Attributes:
Name Type Default Value Use
id oval-sc:id Required
status oval-sc:status exists Optional
Collapse Derivation Tree:
Collapse References:
oval-sc:item
Documentation for Open Vulnerability and Assessment Language (OVAL®)

Generated using Liquid Studio - Developer Bundle 21.0.0.0