20.34 Ensure 'Manually managed application account passwords are 15 characters in length'

Information

This policy setting ensures that all manually managed application account passwords are at least 15 characters in length.

The recommended STIG state for this setting is: 15 or more characters

Application account passwords must be of sufficient length to prevent being easily cracked. Application accounts that are manually managed must have passwords at least 15 characters in length.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish a policy that requires application/service account passwords that are manually managed to be 15 characters or more in length. Ensure that the policy is enforced.

Impact:

All manually managed account will need to be at least 15 characters in length.

See Also

https://workbench.cisecurity.org/benchmarks/15105

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Windows

Control ID: 0c9903c001278e70d81213b38a8233f459da158ac7fb212178ac5d78f747e5d2