20.35 Ensure 'Manually managed application account passwords be changed at least annually or when a system administrator with knowledge of the password leaves the organization'

Information

This policy setting ensures that all manually managed application account passwords are changed at least annually or when a system administrator with knowledge of the password leaves the organization.

Setting application account passwords to expire may cause applications to stop functioning. However, not changing them on a regular basis exposes them to attack. If managed service accounts are used, this alleviates the need to manually change application account passwords.

Solution

Change passwords for manually managed application/service accounts at least annually or when an administrator with knowledge of the password leaves the organization.

Impact:

Manually managed application account passwords will need to be changed at least annually.

See Also

https://workbench.cisecurity.org/benchmarks/15105