UCF STIG Viewer Logo

Policy must require application account passwords be at least 15 characters in length.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36661 WN12-00-000010 SV-51579r1_rule IAIA-1 Medium
Description
Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 15 characters in length.
STIG Date
Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide 2020-06-16

Details

Check Text ( C-46842r2_chk )
Verify the site has a policy to ensure passwords for manually managed application/service accounts are at least 15 characters in length. If such a policy does not exist or has not been implemented, this is a finding.
Fix Text (F-44708r2_fix)
Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.