This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Password Policies
Password Policies | Mitigation |
---|---|
ID | M0927 |
NIST SP 800-53 Rev. 4 | IA-5 |
IEC 62443-3-3:2013 | SR 1.5 |
IEC 62443-4-2:2019 | CR 1.5 |
Description
Set and enforce secure password policies for accounts.
Techniques Addressed by Mitigation
Name | Use |
---|---|
Default Credentials | Review vendor documents and security alerts for potentially unknown or overlooked default credentials within existing devices. |
External Remote Services | Set and enforce secure password policies for accounts. |
Remote Services | Enforce strong password requirements to prevent password brute force methods for lateral movement. |
Valid Accounts | Default usernames and passwords on applications and appliances should be changed immediately after installation and before deployment to a production environment. [1] |