Windows Server 2022 • Release: 7 Benchmark Date: 05 Jan 2026

CAT II V-254242 WN22-00-000050

Windows Server 2022 manually managed application account passwords must be at least 14 characters in length.

Documentable No
Rule ID SV-254242r1051087_rule
CCI References
CCI-004066CCI-000205

Discussion

Application/service account passwords must be of sufficient length to prevent being easily cracked. Application/service accounts that are manually managed must have passwords at least 14 characters in length.

Check Procedure

Determine if manually managed application/service accounts exist. If none exist, this is NA.

Verify the organization has a policy to ensure passwords for manually managed application/service accounts are at least 14 characters in length.

If such a policy does not exist or has not been implemented, this is a finding.

Fix Action

Establish a policy that requires application/service account passwords that are manually managed to be at least 14 characters in length. Ensure the policy is enforced.