4.026 - To the extent system capabilities permit, system mechanisms are not implemented to enforce automatic expiration of passwords.

Information

Passwords that do not expire or are reused increase the exposure of a password with greater probability of being discovered or cracked.

Solution

Configure all information systems to expire passwords.

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(d), CAT|II, CCI|CCI-000199, Rule-ID|SV-29395r1_rule, STIG-ID|4.026, Vuln-ID|V-6840

Plugin: Windows

Control ID: b000336d87c0105fcd6fcc7d6bb2d5db065e3188b64d0b91d4c46458d9f83b2c