794aed82-0f0a-46e0-8135-204c50b12462
The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the Maximum password age policy setting to 0, so that users are never required to change their passwords, allows a compromised password to be used by the malicious user for as long as the valid user is authorized to access the system. More information here (https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/maximum-password-age)
To fix this, configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Account Policies
|_ Password Policy
|_ "Maximum Password Age" to "60" days or less (excluding "0" which is unacceptable).
Information on how to fix it here (https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/maximum-password-age)
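The check and fix above, as an added PowerShell example (not from the STIG or the Microsoft documentation): it exports the local security policy with secedit, reads the effective "Maximum password age", and flags 0 (or -1, which the exported .inf uses for "never expires") and anything over 60 days as non-compliant. It assumes an elevated session on a standalone host; on a domain-joined machine the effective value comes from the Default Domain Policy, so read it with Get-ADDefaultDomainPasswordPolicy and fix it in that GPO instead.

```powershell
# Added audit/remediation example for the "Maximum password age" finding.
# Assumption: runs elevated; standalone (non-domain) host for the Set- step.

function Get-LocalMaximumPasswordAge {
    # Export the [System Access] area of the local policy to a temp .inf
    # (secedit writes it as UTF-16 with a BOM, which Get-Content detects).
    $inf = Join-Path $env:TEMP ("secpol_{0}.inf" -f [guid]::NewGuid())
    try {
        & secedit.exe /export /cfg $inf /areas SECURITYPOLICY | Out-Null
        foreach ($line in Get-Content -Path $inf) {
            if ($line -match '^\s*MaximumPasswordAge\s*=\s*(-?\d+)') {
                return [int]$Matches[1]
            }
        }
        throw 'MaximumPasswordAge not found in exported policy'
    } finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }
}

function Test-MaximumPasswordAge {
    param([int]$Days, [int]$MaxAllowed = 60)
    # 0 in the GPO UI and -1 in the .inf both mean "never expires": fail.
    # Anything above the 60-day ceiling also fails the STIG.
    if ($Days -le 0) {
        return [pscustomobject]@{ Days = $Days; Compliant = $false; Reason = 'Passwords never expire' }
    }
    if ($Days -gt $MaxAllowed) {
        return [pscustomobject]@{ Days = $Days; Compliant = $false; Reason = "Exceeds $MaxAllowed days" }
    }
    return [pscustomobject]@{ Days = $Days; Compliant = $true; Reason = 'OK' }
}

function Set-LocalMaximumPasswordAge {
    # Remediation for a standalone host: net accounts accepts 1-999 days;
    # the validator keeps the value inside the STIG's 1-60 day window.
    param([ValidateRange(1, 60)][int]$Days = 60)
    & net.exe accounts /maxpwage:$Days | Out-Null
}

$current = Get-LocalMaximumPasswordAge
$result  = Test-MaximumPasswordAge -Days $current
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "Non-compliant ($($result.Reason)); run Set-LocalMaximumPasswordAge -Days 60 to remediate."
}
```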
STIG:
Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2022-08-25/finding/V-254289
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2022-09-06/finding/V-205659 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93477
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2022-09-06/finding/V-224870 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73317
Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-08-31/finding/V-253301
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220743 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220743
NIST 800-53: AC-2(3)
NIST 800-171: 3.5.10 3.5.11 3.5.12 3.5.13
CMMC v2: AC.2.0.11/12/13/14
CSCv7: 16.10