STIGQter STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide Version: 1 Release: 30 Benchmark Date: 26 Jul 2019: For systems utilizing a logon ID as the individual identifier, passwords will, at a minimum, be 14 characters.

DISA Rule

SV-32369r1_rule

Vulnerability Number

V-6836

Group Title

Minimum Password Length

Rule Version

4.013

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration -> Windows Settings -> Account Policies -> Password Policy -> “Minimum password length,” to 14 characters.

Check Contents

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.

If the value for the “Minimum password length,” is less than 14 characters, then this is a finding.

Vulnerability Number

V-6836

Documentable

False

Rule Version

4.013

Severity Override Guidance

Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Account Policies -> Password Policy.

If the value for the “Minimum password length,” is less than 14 characters, then this is a finding.

Check Content Reference

M

Potential Impact

Strong passwords may invite users to write down
the passwords. Ensure that all users store passwords in a secure
location.

Third-Party Tools

HK

Responsibility

Information Assurance Officer

Target Key

1823

Comments