Default and Emergency Administrator passwords must be changed when necessary.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25377 | OSX00690 M6 | SV-37325r1_rule | ECPA-1 | Medium |
| Description |
|---|
| This check verifies the passwords for the default and emergency administrator accounts are changed at least annually or when any member of the administrative team leaves the organization. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Details
| Check Text ( C-36017r1_chk ) |
|---|
| Interview the SA or IAM to determine if the site has a policy requiring the default and backup administrator passwords to be changed at least annually or when any member of the administrative team leaves the organization. |
| Fix Text (F-31266r1_fix) |
|---|
| Define a policy for required password changes for the default and backup administrator account. |