Detections
Analytics

CSCv6|5.3

Title

Change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems.

Description

Before deploying any new devices in a networked environment, change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems to have values consistent with administration-level accounts.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.6 Ensure 'Minimum Special Characters' is greater than or equal to 1Palo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 daysPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwordsPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.3.10 Ensure 'Block Username Inclusion' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.10 Ensure 'Block Username Inclusion' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 9 Benchmark v1.0.0 L1
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco Firewall ASA 9 L1 v4.0.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco Firewall ASA 8 L1 v4.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.0.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 18c DB Unified Auditing v1.0.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
IAM: GetAccountPasswordPolicy - 'Maximum password age <= 90'amazon_awsTenable AWS Best Practice Audit
IAM: GetAccountPasswordPolicy - 'Number of passwords to remember >= 24'amazon_awsTenable AWS Best Practice Audit
NET1665 - System community names or usernames use defaults. - 'Community set to Private'CiscoDISA STIG Cisco Perimeter Router v8r8
NET1665 - System community names or usernames use defaults. - 'Community set to Public'CiscoDISA STIG Cisco Perimeter Router v8r8
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco Perimeter Router and L3 Switch v8r31
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco Infrastructure L3 Switch v8r29
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco Perimeter Router v8r32
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco Infrastructure Router and L3 Switch v8r28
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco L2 Switch v8r26
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco L2 Switch V8R27
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco Infrastructure Router v8r29
NET1665 - Using default SNMP community names - 'Community set to Public or Private'CiscoDISA STIG Cisco Perimeter L3 Switch v8r32
PCI 2.2.2 Enable only necessary and secure services, protocols, daemons - 'read-community'UnixPCI DSS 2.0/3.0 - Solaris 10
SOL-11.1-080160 - SNMP communities, users, and passphrases must be changed from the default.UnixDISA STIG Solaris 11 SPARC v2r2
SOL-11.1-080160 - SNMP communities, users, and passphrases must be changed from the default.UnixDISA STIG Solaris 11 X86 v2r4
SOL-11.1-080160 - SNMP communities, users, and passphrases must be changed from the default.UnixDISA STIG Solaris 11 SPARC v2r4
SonicWALL - Ensure default 'admin' username is not usedSonicWALLTNS SonicWALL v5.8 Best Practices
SonicWALL - Ensure default 'admin' username is not usedSonicWALLTNS SonicWALL v5.9