Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
WN08-GE-000017 | WN08-GE-000017 | WN08-GE-000017_rule | Medium |
Description |
---|
Passwords that do not expire or are reused increase the exposure of a password with greater probability of being discovered or cracked. |
STIG | Date |
---|---|
Windows 8 Security Technical Implementation Guide | 2012-11-21 |
Check Text ( C-WN08-GE-000017_chk ) |
---|
Run the DUMPSEC utility. Select "Dump Users as Table" from the "Report" menu. Select the following fields, and click "Add" for each entry. UserName SID PswdExpires AcctDisabled Groups If any accounts have "No" in the "PswdExpires" column, this is a finding. The following are exempt from this requirement: Application Accounts Accounts that meet the requirements for allowable exceptions must be documented with the IAO. |
Fix Text (F-WN08-GE-000017_fix) |
---|
Configure all passwords to expire. Ensure "Password never expires" is not checked on all accounts in Computer Management, Local Users and Groups. Document any exceptions with the IAO. |