Details
Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 15 characters in length.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.
Supportive Information
The following resource is also helpful.
- https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R3_STIG.zip
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.
References
- 800-53|IA-5(1)(a)
- CAT|II
- CCI|CCI-000205
- Rule-ID|SV-225247r569185_rule
- STIG-ID|WN12-00-000010
- STIG-Legacy|SV-51579
- STIG-Legacy|V-36661
- Vuln-ID|V-225247