An error occurred:

Check: WN11-AC-000040

Microsoft Windows 11 STIG: WN11-AC-000040 (in versions v2 r2 through v1 r1)

Title

The built-in Microsoft password complexity filter must be enabled. (Cat II impact)

Discussion

The use of complex passwords increases their strength against guessing and brute-force attacks. This setting configures the system to verify that newly created passwords conform to the Windows password complexity policy.

Check Content

Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for "Password must meet complexity requirements" is not set to "Enabled", this is a finding. If the site is using a password filter that requires this setting be set to "Disabled" for the filter to be used, this would not be considered a finding.

Fix Text

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Password must meet complexity requirements" to "Enabled".

Additional Identifiers

Rule ID: SV-253304r1016430_rule

Vulnerability ID: V-253304

Group Title: SRG-OS-000069-GPOS-00037

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000192

The information system enforces password complexity by the minimum number of upper case characters used.
CCI-004066

For password-based authentication, enforce organization-defined composition and complexity rules.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-5(1)

Password-based Authentication