Permitting passwords to be changed in immediate succession within the same day allows users to cycle passwords through their history database. This enables users to effectively negate the purpose of mandating periodic password changes.
To fix this, configure GPO for:
Computer Configuration
|_ Windows Settings
   |_ Security Settings
      |_ Account Policies
         |_ Password Policy
            |_ Minimum Password Age to at least "1" day.
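One way to confirm the setting once the GPO has applied, as an added example that is not part of the original page: the script below exports the effective security policy with `secedit` and checks `MinimumPasswordAge` against the 1-day minimum. The function names, the temp file name and the sample text are this example's own; the live check needs an elevated prompt.

```powershell
# Added example: audit the effective "Minimum password age" on this machine.
# Function names, the temp file name and the sample text are this example's own.

function Get-PolicyValue {
    # Returns one integer setting from the lines of a secedit export, or $null.
    param([string[]]$InfLines, [string]$Name)
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s*=\s*(\d+)\s*$'
    foreach ($line in $InfLines) {
        if ($line -match $pattern) { return [int]$Matches[1] }
    }
    return $null
}

function Test-MinimumPasswordAge {
    param([string[]]$InfLines, [int]$RequiredDays = 1)
    $age = Get-PolicyValue -InfLines $InfLines -Name 'MinimumPasswordAge'
    [pscustomobject]@{
        MinimumPasswordAge  = $age
        PasswordHistorySize = Get-PolicyValue -InfLines $InfLines -Name 'PasswordHistorySize'
        Compliant           = ($null -ne $age) -and ($age -ge $RequiredDays)
    }
}

# Constructed sample of a non-compliant export (age 0 lets users cycle the history).
$sample = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 60
PasswordHistorySize = 24
'@ -split "`r?`n"
Test-MinimumPasswordAge -InfLines $sample

# Live check: export the effective security policy and test it (needs elevation).
$cfg = Join-Path $env:TEMP 'minpwage-audit.inf'
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
if (($LASTEXITCODE -ne 0) -or -not (Test-Path $cfg)) {
    throw 'secedit export failed; run from an elevated prompt.'
}
try     { Test-MinimumPasswordAge -InfLines (Get-Content -Path $cfg) }
finally { Remove-Item -Path $cfg -ErrorAction SilentlyContinue }
```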
STIG
Server
2022: https://stigviewer.com/stigs/microsoft_windows_server_2022/2022-08-25/finding/V-254290
2019: https://stigviewer.com/stigs/windows_server_2019/2020-06-15/finding/V-93471
Desktop
W11: https://stigviewer.com/stigs/microsoft_windows_11/2022-06-24/finding/V-253302
W10: https://stigviewer.com/stigs/microsoft_windows_10/2024-11-25/finding/V-220744
NIST 800-171 Rev2: 3.5.1, 3.5.2
NIST 800-171A: 3.5.1[a], 3.5.1[b], 3.5.1[c]
CMMC V2.0 v1.02 Mapping: IA.1.076 IA.1.077
CMMC V2.0 Level 1 / 2 / 3: IA.L1-3.5.1, IA.L1-3.5.2
CMMC v1: IA.1.077
AICPA TSC 2017: CC6.1
CIS CSC v8: 5.5, 5.6, 6.7, 12.5
COBIT: DSS05.04
CSA CMM v4: IAM-13 IAM-16
IEC 62443-4-2: CR 1.1 (5.3.1) CR 1.1 (5.3.3(1))
ISO 27002: 5.15
ISO 27018: A.10.10
MPA Content Security Program: DS-10.0 DS-8.0
NIST Privacy Framework v1.0: PR.AC-P1 PR.AC-P6
NIST 800-53: IA-2
NIST 800-82: IA-2
NIST 800-161: IA-2
NIST CSF v1.1: PR.AC-6
PCIDSS v3.2: 8.1.1, 8.2
PCIDSS v4.0: 7.1, 7.2, 7.2.1, 7.3, 7.3.1, 7.3.2, 7.3.3, 8.1, 8.2, 8.3, 8.3.3, 8.3.9
Shared Assessments SIG 2022: H.3
Tisax ISA v5.1.0: 4.1.1
US CERT RMM v1.2: AM:SG1.SP1, ID:SG1.SP1, ID:SG1.SP2, ID:SG1.SP3, TM:SG4.SP4
US FAR 52.204-21: 52.204-21(b)(1)(i), 52.204-21(b)(1)(v), 52.204-21(b)(1)(vi)
US HIPAA: 164.312(a)(2)(i)
US IRS 1075: 9.3.7.2