This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Jump to navigation Jump to search
|NIST SP 800-53 Rev. 4||IA-5|
|IEC 62443-3-3:2013||SR 1.5|
|IEC 62443-4-2:2019||CR 1.5|
Set and enforce secure password policies for accounts.
Techniques Addressed by Mitigation
|Default Credentials||Review vendor documents and security alerts for potentially unknown or overlooked default credentials within existing devices|
|External Remote Services||Set and enforce secure password policies for accounts.|
|Remote Services||Enforce strong password requirements to prevent password brute force methods for lateral movement.|
|Valid Accounts||Applications and appliances that utilize default username and password should be changed immediately after the installation, and before deployment to a production environment. 1|