CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to 30 or fewer days, but not 0 :

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age

Impact:

None - this is the default behavior.

Default Value:

30 days.

References:

1. CCE-34894-6

CIS Controls:

Version 6

16 Account Monitoring and Control Account Monitoring and Control

Version 7

5.1 Establish Secure Configurations Maintain documented, standard security configuration standards for all authorized operating systems and software.

182 | P a g e