Check: 4.012
Windows 2003 DC STIG:
4.012
(in version v6 r40)
Title
Minimum password age does not meet minimum requirements. (Cat II impact)
Discussion
Permitting passwords to be changed in immediate succession within the same day, allows users to cycle passwords through their history database. This enables users to effectively negate the purpose of mandating periodic password changes.
Check Content
Fix Text
Configure the Minimum Password Age so that it is a minimum of "1".
Additional Identifiers
Rule ID: SV-28993r1_rule
Vulnerability ID: V-1105
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000198 |
The information system enforces minimum password lifetime restrictions. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| IA-5(1) |
Password-based Authentication |