Sub-Requirement 8.5.9

8.5.9 Change user passwords at least every 90 days.

Illustrative Controls and the TIBCO LogLogic Solution

Requiring frequent password changes is a good general security practice that limits an attacker’s ability to acquire and use compromised user accounts and passwords. It is generally recommended that passwords be changed every 30 to 90 days.

In addition to setting explicit system policies, administrators should identify and review password change events to ensure users are changing passwords at least every 90 days. For example, Windows platforms generate events with IDs 4723 and 4724 for password change attempts.
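One way to run the review described above over exported Windows Security events, as an added example that is not part of the original guide or of the TIBCO LogLogic product. The CSV column layout, the account list and the choice to count a successful 4724 reset as a password change are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (hypothetical column layout, not a LogLogic format).
SAMPLE_EVENTS = """time,event_id,target_user,result
2024-01-05T09:12:00,4723,alice,Audit Success
2024-03-20T14:02:00,4723,bob,Audit Failure
2024-03-28T08:45:00,4724,carol,Audit Success
2023-12-01T10:00:00,4723,bob,Audit Success
2024-04-02T16:30:00,4624,dave,Audit Success
"""

PASSWORD_EVENT_IDS = {"4723", "4724"}  # 4723: change attempt, 4724: reset attempt

def last_successful_change(csv_text):
    """Map each account to the time of its most recent successful 4723/4724."""
    latest = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] not in PASSWORD_EVENT_IDS:
            continue
        # Both IDs record attempts; a failed attempt did not change the password.
        if row["result"] != "Audit Success":
            continue
        user = row["target_user"].lower()
        when = datetime.fromisoformat(row["time"])
        if user not in latest or when > latest[user]:
            latest[user] = when
    return latest

def overdue_accounts(csv_text, accounts, as_of, max_age_days=90):
    """Return {account: days since last change, or None if no change was logged}."""
    latest = last_successful_change(csv_text)
    overdue = {}
    for account in accounts:
        changed = latest.get(account.lower())
        if changed is None:
            overdue[account] = None  # never seen: log gap or a stale password
        elif as_of - changed > timedelta(days=max_age_days):
            overdue[account] = (as_of - changed).days
    return overdue

if __name__ == "__main__":
    report = overdue_accounts(SAMPLE_EVENTS, ["alice", "bob", "carol", "dave"],
                              as_of=datetime(2024, 4, 10))
    for account, age in sorted(report.items()):
        print(account, "no change logged" if age is None else f"{age} days")
```

Accounts reported with no logged change need a second look, since the cause may be a log retention window shorter than 90 days rather than an unchanged password.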

Reports and Alerts

Use the following link/reference to see the 8.5.9 reports and alerts: 8.5.9 on page 130.