UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

SharePoint managed service accounts must be set to enable automatic password change.


Overview

Finding ID Version Rule ID IA Controls Severity
V-28138 SHPT-00-000600 SV-37784r2_rule Medium
Description
Passwords have a number of inherent risks. One method of minimizing this risk is to enforce the use of complex passwords. Another method is to enforce periodic password changes. If the information system does not limit the lifetime of passwords and force password changes, the system may be vulnerable to password attacks and may become compromised. This setting only enables automatic password changes for managed account. These accounts are in AD DS. The Windows server STIG guidance requires annual password changes for all service accounts.
STIG Date
MS SharePoint 2010 Security Technical Implementation Guide 2019-01-02

Details

Check Text ( C-36986r4_chk )
1. In SharePoint Central Administration, click Security.
2. On the Security page, in the General Security list, click Configure managed accounts.
3. Go through each service account to see if “Enable automatic password change” is checked.
4. Mark as a finding if “Enable automatic password change” is not checked.
Fix Text (F-32250r3_fix)

1. In SharePoint Central Administration, click Security.
2. On the Security page, in the General Security list, click Configure managed accounts.
3. Edit setting for each managed account.
4. Select “Enable automatic password change”.