Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-14225 | 3.122 | SV-32274r1_rule | ECPA-1 | Medium |
Description |
---|
This check verifies that the passwords for the default and backup administrator accounts are changed at least annually or when any member of the administrative team leaves the organization. |
STIG | Date |
---|---|
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Check Text ( C-11571r1_chk ) |
---|
Interview the SA or IAM to determine if the site has a policy that requires the default and backup admin passwords to be changed at least annually or when any member of the administrative team leaves the organization. |
Fix Text (F-13549r1_fix) |
---|
Define a policy for required password changes for the default and backup admin account. |