Password Policies

ID: M0927
NIST SP 800-53 Rev. 4: IA-5
IEC 62443-3-3:2013: SR 1.5
IEC 62443-4-2:2019: CR 1.5


Set and enforce secure password policies for accounts.

Techniques Addressed by Mitigation

Default Credentials: Review vendor documents and security alerts for potentially unknown or overlooked default credentials within existing devices.
External Remote Services: Set and enforce secure password policies for accounts.
Remote Services: Enforce strong password requirements to prevent password brute force methods for lateral movement.
Valid Accounts: Default usernames and passwords on applications and appliances should be changed immediately after installation and before deployment to a production environment. [1]