20.1 Ensure 'Accounts require passwords' (STIG only)

Information

This policy setting ensures that all accounts are password protected.

The lack of password protection enables anyone to gain access to the system, which can open a backdoor opportunity for intruders to compromise the system as well as other resources.

Solution

Configure all enabled accounts to require passwords.

Note: The password required flag can be set by entering the following on a command line: 'Net user [username] /passwordreq:yes', substituting [username] with the name of the user account.

Impact:

All accounts will be required to have a password.

See Also

https://workbench.cisecurity.org/benchmarks/20002

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Windows

Control ID: 3257014e622a6b7149e2e236a8bb6bbf4a63cdb0019840846a5a4002b8438da7