WN12-AC-000007 – Passwords must, at a minimum, be 14 characters.

Details

Information systems not protected with strong password schemes (including passwords of minimum length) provide the opportunity for anyone to crack the password, thus gaining access to the system and compromising the device, information, or the local network.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> ‘Minimum password length’ to ’14’ characters.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Windows.

References

800-53|IA-5(1)(a)
CAT|II
CCI|CCI-000205
Rule-ID|SV-226062r794298_rule
STIG-ID|WN12-AC-000007
STIG-Legacy|SV-52938
STIG-Legacy|V-6836
Vuln-ID|V-226062

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles