Back

Configure "Do not allow password expiration time longer than required by policy" to organizational standards.


CONTROL ID
15390
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only) Description: In May 2015, Microsoft released the Local Administrator Password Solution (LAPS) tool, which is free and supported software that allows an organization to automatically set r… (18.2.2, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only) Description: In May 2015, Microsoft released the Local Administrator Password Solution (LAPS) tool, which is free and supported software that allows an organization to automatically set r… (18.2.2, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • Verify system generated initial passwords or activation codes SHOULD be securely randomly generated, SHOULD be at least 6 characters long, and MAY contain letters and numbers, and expire after a short period of time. These initial secrets must not be permitted to become the long term password. (2.3.1, Application Security Verification Standard 4.0.3, 4.0.3)