Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
DBMS login accounts require passwords to meet complexity requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15152 | DG0079-SQLServer9 | SV-24092r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| Weak passwords are a primary target for attack to gain unauthorized access to databases and other systems. Where username/password is used for identification and authentication to the database, requiring the use of strong passwords can help prevent simple and more sophisticated methods for guessing at passwords. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-20068r1_fix) |
|---|
| For all DBMS accounts using SQL Server logins, set the accounts for password complexity checking: From the query prompt: ALTER LOGIN [login name] CHECK_POLICY = ON Note: This setting depends upon host system password complexity settings. The host system must be configured to comply with Windows STIG requirements. |