CCC.RDMS.C01: Password Management
Objective: Ensure default vendor-supplied DB administrator credentials are replaced
with strong, unique passwords and that these credentials are properly
managed using a secure password or secrets management solution.
Control Family:
Identity and Access Management
Threats:
ID | Title | Description |
---|---|---|
CCC.RDMS.TH01 | Unauthorized Access via Default Credentials | If default credentials are not disabled or changed, unauthorized access may be gained to the RDMS environment. This may lead to data breaches, data manipulation, or overall compromise of the database instance. |
NIST CSF:
PR.AA-01
Control Mappings
NIST_800_53:
AC-2
Test Requirements
CCC.RDMS.C01.TR02: When an attempt is made to authenticate to the database using known
default credentials, the authentication attempt must fail and no
access should be granted.
TLP:
tlp_red
tlp_amber