Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Windows service \ application accounts with administrative privileges and manually managed passwords, must have passwords changed at least every 60 days.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-44059 | AD.0014 | SV-56889r2_rule | IAIA-1 | Medium |
| Description |
|---|
| NT hashes of passwords for accounts that are not changed regularly are susceptible to reuse by attackers using Pass-the-Hash. Windows service \ application account passwords are not typically changed for longer periods of time to ensure availability of the applications. If a service \ application also has administrative privileges it will provide elevated access if compromised. |
| STIG | Date |
|---|---|
| Active Directory Domain Security Technical Implementation Guide (STIG) | 2017-12-15 |
Details
| Check Text ( C-49474r3_chk ) |
|---|
| If no Windows service \ application accounts with manually managed passwords have administrative privileges, this is NA. Verify Windows service \ application accounts with administrative privileges and manually managed passwords, have passwords changed at least every 60 days. |
| Fix Text (F-49679r4_fix) |
|---|
| If no Windows service \ application accounts with manually managed passwords have administrative privileges, this is NA. Change passwords for Windows service \ application accounts with administrative privileges and manually managed passwords, at least every 60 days. |