This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.

Password Policies

From attackics
Jump to navigation Jump to search
Password Policies
Mitigation
ID M0927
NIST SP 800-53 Rev. 4 IA-5
IEC 62443-3-3:2013 SR 1.5
IEC 62443-4-2:2019 CR 1.5

Description

Set and enforce secure password policies for accounts.


Techniques Addressed by Mitigation

NameUse
Default CredentialsReview vendor documents and security alerts for potentially unknown or overlooked default credentials within existing devices
External Remote ServicesSet and enforce secure password policies for accounts.
Remote ServicesEnforce strong password requirements to prevent password brute force methods for lateral movement.
Valid AccountsApplications and appliances that utilize default username and password should be changed immediately after the installation, and before deployment to a production environment. 1


References

  1. ^  CISA. (2013, June). Risks of Default Passwords on the Internet. Retrieved September 25, 2020.

Retrieved from "https://collaborate.mitre.org/attackics/index.php?title=Mitigation/M0927&oldid=9032"