STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide Version: 1 Release: 30 Benchmark Date: 26 Jul 2019: For systems utilizing a logon ID as the individual identifier, passwords will, at a minimum, be 14 characters.

DISA Rule

SV-32369r1_rule

Vulnerability Number

V-6836

Group Title

Minimum Password Length

Rule Version

4.013

Severity

CAT II

CCI(s)

CCI-000205 - The information system enforces minimum password length.

Weight

Fix Recommendation

Configure the policy value for Computer Configuration -> Windows Settings -> Account Policies -> Password Policy -> “Minimum password length,” to 14 characters.

Check Contents

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.

If the value for the “Minimum password length,” is less than 14 characters, then this is a finding.

Vulnerability Number

V-6836

Documentable

False

Rule Version

4.013

Severity Override Guidance

Check Content Reference

Potential Impact

Strong passwords may invite users to write down
the passwords. Ensure that all users store passwords in a secure
location.

STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide Version: 1 Release: 30 Benchmark Date: 26 Jul 2019: For systems utilizing a logon ID as the individual identifier, passwords will, at a minimum, be 14 characters.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Potential Impact

Third-Party Tools

Responsibility

Target Key

Comments