WN12-AC-000007 - Passwords must, at a minimum, be 14 characters.

Information

Information systems not protected with strong password schemes (including passwords of minimum length) provide the opportunity for anyone to crack the password, thus gaining access to the system and compromising the device, information, or the local network.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> 'Minimum password length' to '14' characters.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CAT|II, CCI|CCI-000205, Rule-ID|SV-226062r794298_rule, STIG-ID|WN12-AC-000007, STIG-Legacy|SV-52938, STIG-Legacy|V-6836, Vuln-ID|V-226062

Plugin: Windows

Control ID: f58e11479bb04924f0bb1036cfc851c8c31175b6e500c2f2d57c825d41aad148