Default user accounts or credentials for user applications, including for any pre-configured user accounts, are changed, disabled or removed.
Topic
Hardening user application configurations
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Mar 2025
Default user accounts or credentials for user applications, including for any pre-configured user accounts, are changed, disabled or removed.
A number of existing controls were reworded for clarity without changing their intent.
Dec 2024
Default user accounts or credentials for user applications, including for any pre-configured user accounts, are changed.
References to ‘accounts’ were changed to ‘user accounts’ in order to more closely match Microsoft Active Directory account types (i.e. ‘users’ and ‘computers’).
Mar 2023
Default accounts or credentials for user applications, including for any pre-configured accounts, are changed.
An existing control relating to changing default accounts or credentials for ‘applications’ was amended to ‘user applications’.
Dec 2022
Default accounts or credentials for applications, including for any pre-configured accounts, are changed.
A new control was added covering changing default accounts or credentials for applications.