Default user accounts or credentials for server applications, including for any pre-configured user accounts, are changed.
Topic
Hardening server application configurations
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Priority
must
Dec 2024
Default user accounts or credentials for server applications, including for any pre-configured user accounts, are changed.
References to ‘accounts’ were changed to ‘user accounts’ in order to more closely match Microsoft Active Directory account types (i.e. ‘users’ and ‘computers’).
Mar 2023
Default accounts or credentials for server applications, including for any pre-configured accounts, are changed.
An existing control relating to default database administrator accounts being disabled, renamed or having their credentials changed was expanded to cover default accounts for all server applications.
Mar 2022
Default database administrator accounts are disabled, renamed or have their credentials changed.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
2015
Default database administrator accounts must be disabled, renamed or have theirpassphrases changed.