Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14225 | WN08-00-000009 | SV-48166r1_rule | ECPA-1 | Medium |
Description |
---|
The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the passwords. Passwords for the default and emergency administrator accounts must be changed at least annually or when any member of the administrative team leaves the organization. |
STIG | Date |
---|---|
Windows 8 / 8.1 Security Technical Implementation Guide | 2015-06-16 |
Check Text ( C-44866r1_chk ) |
---|
Determine if the site has a policy that requires the default and emergency admin passwords to be changed at least annually or when any member of the administrative team leaves the organization. If there is no policy, this is a finding. |
Fix Text (F-41304r1_fix) |
---|
Define a policy that requires the default and emergency administrator passwords to be changed at least annually or when any member of the administrative team leaves the organization. Ensure the policy is implemented. |