WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length.

Information

Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 15 characters in length.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CAT|II, CCI|CCI-000205, Rule-ID|SV-226037r794297_rule, STIG-ID|WN12-00-000010, STIG-Legacy|SV-51579, STIG-Legacy|V-36661, Vuln-ID|V-226037

Plugin: Windows

Control ID: 8ef95ccf7520e8298985fbdebe6dfa73903e4efdf5c7edfd61d7af646d4e106e