Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-28138 | SHPT-00-000600 | SV-37784r2_rule | IAGA-1 | Medium |
Description |
---|
Passwords have a number of inherent risks. One method of minimizing this risk is to enforce the use of complex passwords. Another method is to enforce periodic password changes. If the information system does not limit the lifetime of passwords and force password changes, the system may be vulnerable to password attacks and may become compromised. This setting only enables automatic password changes for managed account. These accounts are in AD DS. The Windows server STIG guidance requires annual password changes for all service accounts. |
STIG | Date |
---|---|
SharePoint 2010 Security Technical Implementation Guide (STIG) | 2015-10-02 |
Check Text ( C-36986r4_chk ) |
---|
1. In SharePoint Central Administration, click Security. 2. On the Security page, in the General Security list, click Configure managed accounts. 3. Go through each service account to see if “Enable automatic password change” is checked. 4. Mark as a finding if “Enable automatic password change” is not checked. |
Fix Text (F-32250r3_fix) |
---|
1. In SharePoint Central Administration, click Security. 2. On the Security page, in the General Security list, click Configure managed accounts. 3. Edit setting for each managed account. 4. Select “Enable automatic password change”. |