Details
Passwords that never expire remain exposed for longer, which increases the probability that they are discovered or cracked.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure all passwords to expire.
Run ‘Computer Management’.
Navigate to System Tools >> Local Users and Groups >> Users.
Double-click each active account.
Ensure ‘Password never expires’ is not checked on any active account.
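The same review can be scripted instead of opening each account by hand. The following PowerShell is an added example, not part of the STIG text or the Nessus check; `Get-NeverExpiringLocalAccount` is a hypothetical helper name, and "active" is assumed to mean an account that is not disabled.

```powershell
# Added example (not part of the STIG or the Nessus check).
# Get-NeverExpiringLocalAccount is a hypothetical helper name.
function Get-NeverExpiringLocalAccount {
    [CmdletBinding()]
    param()

    # Win32_UserAccount.PasswordExpires is a boolean: $false corresponds to
    # the 'Password never expires' checkbox being ticked.
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object {
            # Assumption: 'active' means the account is not disabled.
            -not $_.Disabled -and -not $_.PasswordExpires
        } |
        Select-Object Name, SID, Disabled, PasswordExpires
}

$findings = @(Get-NeverExpiringLocalAccount)

if ($findings.Count -eq 0) {
    Write-Output 'Compliant: no active local account has "Password never expires" set.'
}
else {
    Write-Output "Finding: $($findings.Count) active local account(s) with a non-expiring password:"
    $findings | Format-Table -AutoSize

    # Preview the fix. Remove -WhatIf to apply it from an elevated session.
    foreach ($account in $findings) {
        Set-LocalUser -Name $account.Name -PasswordNeverExpires $false -WhatIf
    }
}
```

Clearing the flag only makes the account subject to the maximum password age policy, so confirm that policy is set to a finite value as well.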
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Windows.
References
- 800-53|IA-5(1)(d)
- CAT|II
- CCI|CCI-000199
- Rule-ID|SV-220716r569187_rule
- STIG-ID|WN10-00-000090
- STIG-Legacy|SV-77861
- STIG-Legacy|V-63371
- Vuln-ID|V-220716