Implementing password policies

If you require a password to authenticate users, you can configure IBM® Sterling Control Center Monitor to accept only passwords that conform to your company password policy.

Password policies are set in IBM Sterling Control Center Monitor by modifying the passwordPolicy.xml file. To open the file in the IBM Sterling Control Center Monitor web console, click Menu Button > System Settings > Properties > passwordPolicy.xml.

Even without a password policy, new passwords for IBM Sterling Control Center Monitor must be at least 8 characters long, must contain at least 1 lowercase and 1 uppercase letter, and must contain at least 1 special character and 1 number.

If you implement a password policy, the policy criteria are enforced only for the following users:
  • Existing users who change their password
  • New users who are added after the passwordPolicy.xml file is modified and put into effect
Note: There is a minimum password policy which is enforced whenever a user enters a new password in the following scenarios:
  • First time user activation (email link with Subject: "New user for Control Center is successfully registered")
  • Forgot Password reset processing (email link with Subject: "ALERT! Account forgot password request initiated")
  • Change Password processing (IBM Sterling Control Center Monitor Web UI upper right > User Icon > Change Password)

If passwordPolicy.xml is set to stronger password requirements than listed below, the passwordPolicy.xml requirements will be enforced.

If passwordPolicy.xml is set to weaker password requirements than listed below, the minimum requirements will be enforced.

New passwords must conform to the following minimum requirements, which are always displayed on the new password/change password entry screen.
  • Password should be at least 8 characters long
  • It should contain at least 1 lower alphabet and upper alphabet
  • It should contain at least 1 special character and number

If you do not edit the passwordPolicy.xml file, no password policy is in effect for IBM Sterling Control Center Monitor other than “Passwords should not include username”. Password policy settings include the following criteria:

  • Minimum and maximum password length
  • Requiring lowercase, uppercase, and special (non-alphanumeric) characters in the password
  • Excluding lowercase, uppercase, and special characters in the password
  • Passwords should not include username
  • Using regular expressions (regex) to define specific password patterns
  • Using regular expressions (regex) to define specific patterns to exclude
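
The precedence rule described above (a weaker passwordPolicy.xml setting never lowers the minimum requirements, a stronger one replaces them) can be modelled as a pre-check for candidate passwords. This is an added illustration, not IBM code and not the passwordPolicy.xml schema; the `Policy` fields, the ASCII character classes, and the case-insensitive username check are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

FLOOR_MIN_LENGTH = 8  # minimum length that is always enforced, per this page
FLOOR_CLASSES = {     # ASCII character classes are an assumption of this sketch
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",  # "special" = non-alphanumeric
}

@dataclass
class Policy:
    """Hypothetical model of configured criteria, not the passwordPolicy.xml schema."""
    min_length: int = 0
    max_length: Optional[int] = None
    must_match: List[str] = field(default_factory=list)      # required regex patterns
    must_not_match: List[str] = field(default_factory=list)  # excluded regex patterns

def violations(password: str, username: str, policy: Optional[Policy] = None) -> List[str]:
    """Return every rule the candidate breaks; an empty list means it is accepted."""
    policy = policy or Policy()
    found = []
    # A weaker configured length never lowers the floor; a stronger one replaces it.
    min_len = max(FLOOR_MIN_LENGTH, policy.min_length)
    if len(password) < min_len:
        found.append(f"shorter than {min_len} characters")
    if policy.max_length is not None and len(password) > policy.max_length:
        found.append(f"longer than {policy.max_length} characters")
    for name, pattern in FLOOR_CLASSES.items():
        if not re.search(pattern, password):
            found.append(f"missing {name}")
    # Case-insensitive substring match is an assumption about the username rule.
    if username and username.lower() in password.lower():
        found.append("contains username")
    for pattern in policy.must_match:
        if not re.search(pattern, password):
            found.append(f"does not match required pattern {pattern}")
    for pattern in policy.must_not_match:
        if re.search(pattern, password):
            found.append(f"matches excluded pattern {pattern}")
    return found

if __name__ == "__main__":
    # Constructed sample candidates, checked against a weaker-than-floor policy.
    for candidate in ("Ab1!", "Summer2024!", "JDoe#2024xyz"):
        print(candidate, violations(candidate, "jdoe", Policy(min_length=4)))
```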