Windows Server 2022 must have the built-in Windows password complexity policy enabled.

An XCCDF Rule

Description

<VulnDiscussion>The use of complex passwords increases their strength against attack. The built-in Windows password complexity policy requires passwords to contain at least three of the four types of characters (numbers, uppercase and lowercase letters, and special characters) and prevents the inclusion of user names or parts of user names. Satisfies: SRG-OS-000069-GPOS-00037, SRG-OS-000070-GPOS-00038, SRG-OS-000071-GPOS-00039, SRG-OS-000266-GPOS-00101</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-254292r848692_rule
Severity: Medium
References: CCI-000192 CCI-000193 CCI-000194 CCI-001619
Updated: 9 months ago

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> Password must meet complexity requirements to "Enabled".

Windows Server 2022 must have the built-in Windows password complexity policy enabled.

Description

Remediation - Manual Procedure