WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 15 characters in length.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R3_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CAT|II, CCI|CCI-000205, Rule-ID|SV-225247r569185_rule, STIG-ID|WN12-00-000010, STIG-Legacy|SV-51579, STIG-Legacy|V-36661, Vuln-ID|V-225247

Plugin: Windows

Control ID: 21102f584dc9dd83225e6b035d5a19c8433656b81b90d514236aa957ac33513c