Information
This policy setting ensures that all manually managed application account passwords are at least 14 characters in length.
The recommended STIG state for this setting is: 14 or more characters
Application account passwords must be of sufficient length to prevent being easily cracked. Application accounts that are manually managed must have passwords at least 14 characters in length.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Establish a policy that requires application/service account passwords that are manually managed to be 14 characters or more in length. Ensure that the policy is enforced.
Impact:
All manually managed accounts will need to be at least 14 characters in length.