Level II Assessment Forms
The following forms, as shown in Tables B.5, B.6, and B.7, can be used when assessing servers and during system demonstrations.
| Password Action | Recommended Value | Actual Value |
|---|---|---|
| Enforce password history | 10 days | |
| Maximum password age | 30 days | |
| Minimum password age | 1 day | |
| Minimum password length | 7 characters | |
| Passwords must meet complexity | Enabled | |
| Account lockout threshold | After 3 attempts |
| Auditing | Recommended Value | Actual Value |
|---|---|---|
| Audit system events | Success and failure | |
| Audit process tracking | None | |
| Audit privilege use | Failure | |
| Audit account logon events | Failure | |
| Audit account management | Success and failure | |
| Audit directory service access | None | |
| Audit logon events | Failure | |
| Audit object access | Success |
Get Inside Network Security Assessment: Guarding Your IT Infrastructure now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
