CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

If an administrator sets a password for a user but wants that user to change the password when the user first logs on, the administrator must select the User must change password at next logon check box, or the user will not be able to change the password until the next day.

Default Value:

1 day on domain members. 0 days on stand-alone workstations.

References:

1. CCE-35366-4

CIS Controls:

Version 6

16.5 Ensure Workstation Screen Locks Are Configured Configure screen locks on systems to limit access to unattended workstations.

Version 7

16.10 Ensure All Accounts Have An Expiration Date Ensure that all accounts have an expiration date that is monitored and enforced.

16.2 Configure Centralized Point of Authentication Configure access for all accounts through as few centralized points of authentication as possible, including network, security, and cloud systems. 16.5 Encrypt Transmittal of Username and Authentication Credentials Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.

54 | P a g e