5.4.1.5 Ensure all users last password change date is in the past

Information

All users should have a password change date in the past.
If a users recorded password change date is in the future then they could bypass any set password expiration.

Solution

Investigate any users with a password change date in the future and correct them. Locking the account, expiring the password, or resetting the password manually may be appropriate.

See Also

https://workbench.cisecurity.org/files/1863

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5f.

Plugin: Unix

Control ID: a498fd786b2552a44bb886d1fe1f39471f8282b1e455f70ab6462d8cb3510c87