CFM-11—Default Device Passwords

>Control Description

Vendor-supplied default passwords are changed according to Organization standards prior to device installation on the Organization network or immediately after software or operating system installation.

Theme

Technology

Type

Preventive

Policy/Standard

Infrastructure Management Policy

>Implementation Guidance

1. Ensure that the security hardening and configuration baseline checks include enforcing disablement of default accounts. 2. Ensure that the security hardening and configuration baseline deviations are being tracked to resolution

>Testing Procedure

1. Inspect security hardening and configuration baseline checks to determine whether they are configured to enforce disabling of default accounts. 2. Validate that the security hardening and configuration baseline deviations are being tracked to resolution.

>Audit Artifacts

E-CFM-02

E-CFM-05

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

CFM-11—Default Device Passwords

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

PCI DSS
1

Cyber Essentials
2

Ask AI

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

PCI DSS1

Cyber Essentials2

Ask AI

PCI DSS
1

Cyber Essentials
2