Accounts must be configured to require password expiration.

STIG ID: WN10-00-000090  |  SRG: SRG-OS-000076-GPOS-00044 | Severity: medium |  CCI: CCI-000199

Vulnerability Discussion

Passwords that do not expire increase exposure with a greater probability of being discovered or cracked.

Check

Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Users.
Double click each active account.

If "Password never expires" is selected for any account, this is a finding.

Fix

Configure all passwords to expire.
Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Users.
Double click each active account.
Ensure "Password never expires" is not checked on all active accounts.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.