Application account passwords must meet DoD requirements for length, complexity, and changes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| WN08-00-000010 | WN08-00-000010 | WN08-00-000010_rule | Medium |
| Description |
|---|
| Setting application accounts to expire may cause applications to stop functioning. The site will have a policy that application account passwords are changed at least annually or when a system administrator with knowledge of the password leaves the organization. Application/service account passwords will be at least 15 characters and follow all complexity requirements. |
| STIG | Date |
|---|---|
| Windows 8 Security Technical Implementation Guide | 2012-11-21 |
Details
| Check Text ( C-WN08-00-000010_chk ) |
|---|
| The site must have a local policy to ensure that passwords for application/service accounts are at least 15 characters in length and meet all complexity requirements. Application/service account passwords manually generated and entered by a system administrator must be changed at least annually or whenever a system administrator that has knowledge of the password leaves the organization. Interview the system administrators on their policy for application/service accounts. If it does not meet the above requirements, this is a finding. Run the DUMPSEC utility. Select "Dump Users as Table" from the "Report" menu. Select the following fields, and click "Add" for each entry; UserName SID PwsdLastSetTime AcctDisabled If any application accounts listed have a date older than one year in the "PwsdLastSetTime" column, this is a finding. |
| Fix Text (F-WN08-00-000010_fix) |
|---|
| Create application/service account passwords that are at least 15 characters in length and meet all complexity requirements. Change application/service account passwords that are manually generated and entered by a system administrator at least annually or whenever an administrator with knowledge of the password leaves the organization. |