WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length.

Information

Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 15 characters in length.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R7_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CAT|II, CCI|CCI-000205, Rule-ID|SV-225247r569185_rule, STIG-ID|WN12-00-000010, STIG-Legacy|SV-51579, STIG-Legacy|V-36661, Vuln-ID|V-225247

Plugin: Windows

Control ID: deb1d3d9e4a99e1de2d60b60f178b267d07844aa5cd7e93f5a559c8a704fd919