Navigate

Check: WN08-00-000009

Windows 8/8.1 STIG: WN08-00-000009 (in versions v1 r23 through v1 r16)

Title

Administrator passwords must be changed as required. (Cat II impact)

Discussion

The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the passwords. Passwords for the default and emergency administrator accounts must be changed at least annually or when any member of the administrative team leaves the organization.

Check Content

Determine if the site has a policy that requires the default and emergency admin passwords to be changed at least annually or when any member of the administrative team leaves the organization. If there is no policy, this is a finding.

Fix Text

Define a policy that requires the default and emergency administrator passwords to be changed at least annually or when any member of the administrative team leaves the organization. Ensure the policy is implemented.

Additional Identifiers

Rule ID: SV-48166r1_rule

Vulnerability ID: V-14225

Group Title: Administrator Account Password Changes

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings