Credentials provided to users are changed on first use.
Topic
Setting credentials for user accounts
Applicable to
all
History
Mar 2022
Credentials provided to users are changed on first use.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Aug 2020
Users that do not set their own initial password/passphrase are required to change it on first use.
Security controls 1593, 1594 and 1595 were introduced to ensure that users provide sufficient evidence to verify their identity when collecting account credentials, that those credentials are provided to them in a secure manner and that they are changed upon first use.