Password History Validation - ACS for Windows 4.2.x

Hello,
I'm evaluating the Secure ACS for Windows v4.2 platform against PCI DSS v2.0, specifically the "Implement Strong Access Control Measures" section.
We currently run version 4.0(1) Build 27 and use local user and password management.
For a variety of reasons I'd prefer to maintain this approach rather than pursue integration with an external identity store such as AD, but I need to know whether or not the in-built password validation options are stringent enough to meet all of the relevant requirements.
I believe from the research I've done so far that version 4.2.x should meet the majority, but there is one in particular about validation of previously used passwords that I'm still unclear on.
In the "Local Password Management" section of the ACS 4.2.1 User Guide (Text Part Number: OL-20208-01) it states that the password validation options include "Password is different from the previous value".
The PCI standard states: "Do not allow an individual to submit a new password that is the same as any of the last four passwords he or she has used."
Q) How many previous passwords is the newly submitted password validated against? Is it just the last one or will it check against more? Is there any way to configure how many it checks against?
Any help or guidance very much appreciated.
Cheers,
Nick

Hi Lomon,
After logging in to the ACS application, you can click on the Cisco logo on the top left... You can find the patch version there. Please refer to the screenshot below.
Please do rate if the given information helps.
By
Karthik
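
The difference the question above turns on, a check against only the previous password versus a check against the last four, as an added example (not Cisco ACS code and not from the original posts). The `PasswordHistory` class, the `replay` helper, the PBKDF2 work factor and the password sequence are all constructed for illustration, and the depth here counts the current password as one of the remembered entries.

```python
import hashlib
import hmac
import os
from collections import deque

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Hypothetical store of salted hashes for the last `depth` passwords."""

    def __init__(self, depth):
        if depth < 1:
            raise ValueError("depth must be at least 1")
        # maxlen drops the oldest entry automatically once depth is exceeded
        self._entries = deque(maxlen=depth)

    def is_reused(self, candidate):
        # Every entry has its own salt, so the candidate is re-derived per
        # entry. All entries are checked so timing does not reveal which matched.
        reused = False
        for salt, digest in self._entries:
            if hmac.compare_digest(_derive(candidate, salt), digest):
                reused = True
        return reused

    def change(self, new_password):
        """Store new_password and return True, or return False if it is reused."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _derive(new_password, salt)))
        return True


def replay(depth, passwords):
    """Apply password changes in order; return accepted/rejected per change."""
    history = PasswordHistory(depth)
    return [history.change(p) for p in passwords]


# Constructed sequence: a user alternating passwords to return to an old one
SEQUENCE = ["Spring#2011", "Summer#2011", "Spring#2011", "Autumn#2011",
            "Winter#2011", "Summer#2011", "Spring#2011"]
```

Calling `replay(1, SEQUENCE)` accepts every change in the sequence, while `replay(4, SEQUENCE)` rejects the third, sixth and seventh.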

Similar Messages

  • Can Appliance 1113/1120 running ACS 4.1 replicate to ACS for Windows 4.2.1.15.2

    Anyone tested/tried to replication from ACS 4.1 (running on Appliance) to ACS for Windows 4.2(1)?

    Hi ,
    For replication to work between the two acs they should be on same version and patch level.
    Thanks
    Waris Hussain.

  • ACS For Windows 4.1.(1) build 23

    Hi.
    We've got two Windows 2003 Server R2 machines, with installed Cisco ACS For Windows 4.1.(1) Build 23 used for RADIUS users authentication, and nowadays we're trying to deploy a TACACS+ configuration to the network devices managed from those ACSs. The TACACS+ Accounting tab works fine, but the Accounting administration records or logs are updated but when I click on the TACACS+ Administration tab the log files shown are empty. I knew about a bug in the 4.1 version; the question is:
    Can I fix the issue if I upgrade or install only the 4.1.1.23-5 patch?
    Will it be enough?
    Many thanks.

  • Identify Patch Version in ACS for Windows 4.2

    Hi guys,
    I need to identify the correct patch Version in a Customer ACS for Windows 4.2
    How can I do this task ?
    In the about page I cannot find any reference to patch
    My Best Regards,
        Andre Lomonaco

    Hi Lomon,
    After logging in to the ACS application, you can click on the Cisco logo on the top left... You can find the patch version there. Please refer to the screenshot below.
    Please do rate if the given information helps.
    By
    Karthik

  • ACS for Windows 4.01 question

    Easy question, how do you see the serial number for ACS for windows? is there a command line, is it just the pak # licenses ?
    Thanks.

    Hi,
    No serial number for ACS for windows. No license required for ACS for windows.
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this post as answered if you feel your query is resolved. Do rate helpful posts.

  • Replication issues with ACS for Windows 3.3.3 build 11

    I have built two ACS for Windows servers on Windows 2003 SP1. The AD environment is Windows 2003 SP1 as well. I have configured the two ACS servers on each box. However, when I go to replicate from box A to box B, the following error appears:
    Inbound database replication from ACS 'acsradius.asu.edu' denied - shared secret mismatch
    I have double checked the shared secret keys on both servers in the Network Configuration AAA servers section. Any idea what the issue is?
    Thanks.

    Do not run replication to a server installed on Windows 2003. Due to changes in the way Win2003 handles registry changes, each change can take up to 100 times longer and replication can fail and the server hang.

  • ACS for Windows vs ACS Appliance?

    First, the only thing I saw on the Appliance was that it was a 'hardened OS'. So I'm assuming like many of their other appliances that this is Windows 2003 locked down? Regardless if it is or not, are there any issues with the appliance being in a mixed environment with ACS for Windows and replication between the two?
    Thanks,
    Raun

    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawo.html
    When you use ACS for Windows, you install it on a member server, which can "relay" the auth requests to the domain controllers.
    ACS SE's are not a member in the domain, therefore you need to install the remote agent on a member/DC, so that it would act as a "relay agent" for the auth requests.
    You'll also need to manually create a workstation account in AD to allow auth requests from the ACS SE's.
    The default name used is "CISCO", but it can be defined differently.
    For this part, see
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp311476

  • How do I delete my chat history in Skype for windows 8?

    How do I delete my chat history in Skype for windows 8?

    As of August 2013 this DOES NOT WORK with the Windows 8 version. To prove:
    * Start a text chat, let both parties create a few messages.
    * Follow method for clearing chat (Windows-C, Settings, Options, Clear History).
    * Go back into Skype chat of same person as before. Entire history is still there.
    * Shut down PC and restart.
    * Go into Skype. Open chat window for same user. Entire history is still there.
    * Install Skype for Desktop.
    * Log on.
    * Go into settings, IM/SMS.
    * Set history to "do not save history".
    * Clear history.
    * Log off Skype for Desktop.
    * Go back into Skype Windows 8 version. History all still there.
    DO NOT KEEP TELLING US THIS SOLUTION - IT DOES NOT WORK. You demonstrate that you're more interested in getting points in here than actually testing the supposed solution you suggest. If you had, you'd know IT DOES NOT WORK.
    Edited to conform with the Community Guidelines

  • How to set Password History in ACS? Sarbanes-Ox...

    I am using acs 4.0 for tacacs auth to network devices. I need to be able to force the password history to prevent users from using any of the previous 5 passwords. I see that there is an option to prevent from using the "last" one, but not 5. Can I overwrite this somewhere?
    thanks -j

    Hi,
    The latest version of ACS (4.1) has new features specifically designed to address SOX issues:
    "This release contains new ACS administrator permissions to improve password management and audit reports for regulatory compliance; for example, Sarbanes-Oxley (SOX). ACS includes the following capabilities for:"
    Authentication:
    * Forcing periodic change of administrator's password.
    * Applying password structure policy.
    * Forcing administrator's password change for inactive account.
    * Preventing the reuse of old password (password history).
    * Disabling administrator accounts for inactivity.
    * Disabling administrator accounts after failed logins.
    * Allowing ACS administrators to change their own passwords.
    Audit and Reporting:
    * Logging all administrative actions via system logging (syslog), in addition to existing logging targets.
    * Controlling administrators' access to log file configuration to prevent specific audit logging from being disabled.
    * Adding new reports for administrators privileges.
    Authorization:
    * Providing a read-only privilege for users and groups.
    HTH - plz rate if useful.
    Andrew.

  • ACS for windows first login

    Hi, while installing ACS 4.1 for Windows, there was no option for setting the admin username and password. How can I log in to it? In the installation guide there is no default username and password. Help

    After you finish the install, you can access ACS from the web browser on the server that you installed ACS on without credentials. Then you can set up your admin accounts.

  • Remote Agent for ACS for Windows 2008 R2 64-bit

    Hi,
    We are having difficulties with installing the remote agent on a Windows 2008 R2 64-bit server and got the attached error.
    Our ACS is 4.2.0.124 and the remote agents we tried are: Remote-Agent-ACSse-win-v4.2.1.15-K9.zip and Acs-4.2.1.15.9-RA.zip.
    I see the following URLs say it does not support Windows 2008 R2 and also 64-bit Windows,
    https://supportforums.cisco.com/message/3135061#3135061
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289019
    However, the following URL says it supports 2008 R2 with the 64-bit version
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Release_Notes/acs421_rn.html
    I would appreciate it if someone could advise us what version (file name) of Remote Agent can support (or work with) Windows 2008 R2 64-bit.
    thanks in advance

    Hi Tarik,
    What I wanted to say is that the URL below says that ACS 4.2 is not supported on 64-bit OS:
    ACS Requirements
    You must use ACS Remote Agent for Windows, version 4.2, with ACS SE, version 4.2. We do not support other Cisco Secure ACS releases.
    Note ACS Remote Agent 4.2 for Windows does not support 64-bit operating systems.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289019
    However, could you please let me know what exact Remote Agent file you recommend to use for Windows 2008 R2 64-bit Server. The ACS SE version that I have is 4.2.0.124.
    Thanks

  • With Cisco Secure ACS For Windows TACACS+, authentication fails with AD

    I am setting up a Cisco Secure ACS 4.2 server to act as a TACACS server for switches and routers. I am using Windows 2003 Server for the ACS, and a Windows 2003 Active Directory server. The AD server is fine, as it is used for many other things.
    I have set up ACS as defined in the installation guide, including all the steps in the 'Member Server' section of the install guide when using AD as an external database (i.e. setting up the services to run with a domain admin account, setting up a machine called 'CISCO' on the domain etc).
    I've set the unknown user policy to use the Windows database if the internal database doesn't contain the user details.
    If I add a user to the internal database, the authentication goes through fine, with an entry in the 'Passed Authentications' log,
    02/24/2010,05:07:03,Authen failed,eXXXX,Network Administrators(NDG) ,X.X.X.X,(Default),Internal error,,
    (getting error message as Internal Error)
    I've scoured Google etc, and just cannot come up with any reason why this should be happening.
    I've followed all the install guides to the letter. I need to get this up and running as soon as possible, so am looking forward to finding out if anyone can help me with this one!
    Thanks and regards
    Sharan

    Hi  Jesse,
    That's a great answer and solution.
    My previous version was 4.2 and it was installed on a 64-bit machine, hence getting the internal error.
    After this answer I have upgraded it to ACS 4.2.1 and it's started working fine
    Thanks very much for the help
    Dipu

  • ACS for Windows 4.1 - two issues

    Hi,
    Now that I have my ACS 4.1 server running on Windows 2003, I'm having two issues:
    1) I can't view the admin interface with Internet Explorer 7. It just tells me that "Some content or files on this webpage require a program that you don't have installed." It seems to work fine with Firefox 3, and I can connect to our old ACS 3.2 server with IE7 with no problem.
    2) We're set up to use Active Directory. I've got the external database set up fine, and have a specific AD security group mapped to a group on the ACS server for myself and one other engineer to have access. That seems to work fine - we can both get into the equipment in enabled mode. I added a third user to the AD group, but that user can't log into the same equipment the other two users can.
    I've been searching for solutions to both problems, both in google and on Cisco's site to no avail. Can anyone point me in the right direction?

    1) brain fart - I had been putting in the server name and port number and it wouldn't work, but once I started typing the full http://servername:port, it worked. I did have the latest java installed.
    2) The group has the correct settings to log in the enabled mode. The other two users in the same group work just fine. I don't seem to have any passed authentication logs - I may need to turn something on for that, but it got me thinking. I checked the failed attempts log, and it seems I don't have windows dialin permissions set on the third account.
    Thanks - seems I just needed to have someone point out my n00bishness. ;-)

  • Acs for windows doesnt work with w2k8

    Hi Folks
    I have a Win 2008 server as DC,
    I have installed ACS 4.2 on a member server (Win 2003), but it doesn't work. How can I get this to work? Is there any patch for that?
    thanks

    Hi,
    In order to support Windows 2008 you need ACS 4.2.0.124 patch 4.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html
    If you have a windows 2k8 R2 as DC, then you need an ACS 5.2
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041324
    Hope this helps..
    Regards,
    Anisha
    P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

  • ACS for Windows license

    If I have a Windows server installing ACS 4.2, and I have another server for only failover purpose, can I use the same license in the failover server, or do I need to buy another license?
    Thanks

    You'll need another license.
    Hope that helps
