[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Maximum password age

ID: oval:org.secpod.oval:def:7902Date: (C)2012-11-10   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Maximum password age setting should be configured correctly. This policy setting defines how long a user can use their password before it expires. Values for this policy setting range from 0 to 999 days. If you set the value to 0, the password will never expire. The default value for this policy setting is 42 days. Because attackers can crack passwords, the more frequently you change the password the less opportunity an attacker has to use a cracked password. However, the lower this value is set, the higher the potential for an increase in calls to help desk support due to users having to change their password or forgetting which password is current. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age (2) REG: NO INFO

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-10562-7
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-10562-7
XCCDF    5
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2008_R2
...

© SecPod Technologies