Default accounts or credentials for operating systems, including for any pre-configured accounts, are changed.
Topic
Hardening operating system configurations
Applicable to
all
History
Priority
should
Dec 2022
Default accounts or credentials for operating systems, including for any pre-configured accounts, are changed.
The existing control relating to changing default credentials for operating systems was amended to changing default accounts or credentials for operating systems.
Mar 2022
Default credentials for pre-configured accounts are changed.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
2017
Default operating system accounts must be disabled, renamed or have their passphrasechanged.
Control Text Changed. No public explaination.
2015
Agencies must ensure that default operating system accounts are disabled, renamed or havetheir passphrase changed.
2010
Agencies should reduce potential vulnerabilities in their SOEs by:• removing unused accounts• renaming or deleting default accounts• replacing default passwords.
2008
Agencies should reduce potential vulnerabilities in their SOEs by: a. removing unused accounts b. renaming default accounts c. replacing default passwords.