5.2: Use Unique Passwords
Threats Addressed:
Previous Version:
- Critical Security Controls Version 7.1:
- 4.4: Use Unique Passwords
Control Statement
Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using MFA and a 14-character password for accounts not using MFA.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]