Password Policies
Set and enforce secure password policies for accounts.
ID: M0927
Security Controls: IEC 62443-3-3:2013 - SR 1.5, IEC 62443-4-2:2019 - CR 1.5, NIST SP 800-53 Rev. 5 - IA-5
Version: 1.0
Created: 06 June 2019
Last Modified: 19 September 2023
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| ICS | T0892 | Change Credential |
Applications and appliances that utilize default username and password should be changed immediately after the installation, and before deployment to a production environment.[1] |
|
| ICS | T0812 | Default Credentials |
Review vendor documents and security alerts for potentially unknown or overlooked default credentials within existing devices |
|
| ICS | T0822 | External Remote Services |
Set and enforce secure password policies for accounts. |
|
| ICS | T0886 | Remote Services |
Enforce strong password requirements to prevent password brute force methods for lateral movement. |
|
| ICS | T0859 | Valid Accounts |
Applications and appliances that utilize default username and password should be changed immediately after the installation, and before deployment to a production environment. [1] |
|