WN12-AC-000006 – The minimum password age must meet requirements.

Details

Permitting passwords to be changed in immediate succession within the same day allows users to cycle passwords through their history database. This enables users to effectively negate the purpose of mandating periodic password changes.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> ‘Minimum password age’ to at least ‘1’ day.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

800-53|IA-5(1)(d)
CAT|II
CCI|CCI-000198
Rule-ID|SV-226061r794294_rule
STIG-ID|WN12-AC-000006
STIG-Legacy|SV-52852
STIG-Legacy|V-1105
Vuln-ID|V-226061

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles