STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:

Policy must require application account passwords be at least 15 characters in length.

DISA Rule

SV-226037r569184_rule

Vulnerability Number

V-226037

Group Title

SRG-OS-000078-GPOS-00046

Rule Version

WN12-00-000010

Severity

CAT II

CCI(s)

CCI-000205 - The information system enforces minimum password length.

Weight

Fix Recommendation

Establish a site policy that requires application/service account passwords that are manually managed to be at least 15 characters in length. Ensure the policy is enforced.

Check Contents

Verify the site has a policy to ensure passwords for manually managed application/service accounts are at least 15 characters in length. If such a policy does not exist or has not been implemented, this is a finding.

Vulnerability Number

V-226037

Documentable

False

Rule Version

WN12-00-000010

Severity Override Guidance

Check Content Reference

Target Key

4217

Policy must require application account passwords be at least 15 characters in length.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments