DBMS login accounts require passwords to meet complexity requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15152 | DG0079-SQLServer9 | SV-24092r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| Weak passwords are a primary target for attack to gain unauthorized access to databases and other systems. Where username/password is used for identification and authentication to the database, requiring the use of strong passwords can help prevent simple and more sophisticated methods for guessing at passwords. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-20068r1_fix) |
|---|
| For all DBMS accounts using SQL Server logins, set the accounts for password complexity checking: From the query prompt: ALTER LOGIN [login name] CHECK_POLICY = ON Note: This setting depends upon host system password complexity settings. The host system must be configured to comply with Windows STIG requirements. |