WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 15 characters in length.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000205, Rule-ID|SV-226037r794297_rule, STIG-ID|WN12-00-000010, STIG-Legacy|SV-51579, STIG-Legacy|V-36661, Vuln-ID|V-226037

Plugin: Windows

Control ID: 54a64e8d87b8a7cf8954bc08088c4b4c253b5a43f8be23d5e9f63f79f5171377