Application/service account passwords must be changed at least annually or whenever a system administrator with knowledge of the password leaves the organization.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25378 | OSX00695 M6 | SV-37329r1_rule | ECPA-1 | Medium |
| Description |
|---|
| Setting application accounts to expire may cause applications to stop functioning. The site will have a policy for application account passwords manually generated and entered by a system administrator to be changed at least annually or when a system administrator with knowledge of the password leaves the organization. Application/service account passwords will be at least 15 characters and follow complexity requirements for all passwords. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Details
| Check Text ( C-36020r1_chk ) |
|---|
| The site should have a local policy ensuring passwords for application/service accounts are at least 15 characters in length and meet complexity requirements for all passwords. Application/service account passwords manually generated and entered by a system administrator must be changed at least annually or whenever a system administrator with knowledge of the password leaves the organization. Interview the system administrators on their policy for application/service accounts. If it does not meet the above requirements, this is a finding. |
| Fix Text (F-31269r1_fix) |
|---|
| Create application/service account passwords at least 15 characters in length and meet complexity requirements. Change of application/service account passwords are manually generated and entered by a system administrator at least annually or whenever an administrator with knowledge of the password leaves the organization. |