CSCv6|5.3

Title

Change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems.

Description

Before deploying any new devices in a networked environment, change all default passwords for applications, operating systems, routers, firewalls, wireless access points, and other systems to have values consistent with administration-level accounts.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.1 Ensure 'Minimum Password Complexity' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12Palo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3Palo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.10 Ensure 'Block Username Inclusion' is enabledPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.3.10 Ensure 'Block Username Inclusion' is enabledPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco Firewall v8.x L1 v4.2.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
3.9 Ensure 'INACTIVE_ACCOUNT_TIME' Is Less than or Equal to '120'OracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 18c DB Unified Auditing v1.1.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Traditional Auditing v3.0.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 18c DB Traditional Auditing v1.1.0
4.1 Ensure All Default Passwords Are ChangedOracleDBCIS Oracle Server 12c DB Unified Auditing v3.0.0
DG0128-ORACLE11 - DBMS default accounts should be assigned custom passwords - 'No default accounts are OPEN'OracleDBDISA STIG Oracle 11 Instance v9r1 Database
SonicWALL - Ensure default 'admin' username is not usedSonicWALLTNS SonicWALL v5.9