Assets with passwords hardened is one of 11 categories of Critical Security Controls analyzed by Rapid7 ControlsInsight. This control is broken down into two sub-controls, Assets with unique password and Assets with strong local password policy enabled, which give finer granularity when assessing your environment.
What does it mean?
It is a best practice to ensure that no two assets share the same password: once one of them is compromised, a shared local password lets the attacker reuse it on every other asset that has it. The Assets with unique password sub-control shows the number of assets monitored by ControlsInsight whose password is unique. In the screenshot below, 799 of 817 assets have unique passwords and the remaining 18 are flagged because they share a password. Clicking that sub-control lets an infosec professional drill into the data further: view the trend over time, see which assets share passwords, and get detailed remediation steps.
The Assets with strong local password policy enabled sub-control requires that an asset's local password policy enforce a minimum length of 8 or more characters and have password complexity enabled. An example of password complexity requirements is the Windows policy setting of the same name, described at the following link: Password must meet complexity requirements.
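As an added example (this is not ControlsInsight code, and the page does not describe how the product collects or compares the data), the following Python evaluates both sub-controls against constructed input: it parses a local policy export in the format produced by `secedit /export /cfg <file>`, checks the minimum length and complexity settings against the thresholds above, and finds assets whose local Administrator accounts share a password by grouping them on the account's NT hash. The export text, asset names and hash values are all made up.

```python
"""Added example: two checks that mirror the sub-controls described above.
Not ControlsInsight code. Assumptions: the local policy is read from a
`secedit /export /cfg <file>` INF export, and "same password" across assets
is detected by comparing the unsalted NT hash of the local Administrator
account. All inputs below are constructed."""
import re
from collections import defaultdict

MIN_LENGTH = 8  # sub-control threshold: 8 or more characters

# Constructed secedit export. Only the [System Access] section matters here.
SECEDIT_WEAK = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Same export with the two settings the sub-control cares about hardened.
SECEDIT_STRONG = SECEDIT_WEAK.replace(
    "MinimumPasswordLength = 0", "MinimumPasswordLength = 12"
).replace("PasswordComplexity = 0", "PasswordComplexity = 1")


def parse_system_access(export_text):
    """Return the [System Access] key/value pairs, numeric values as int."""
    section, values = None, {}
    for raw in export_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "System Access" and "=" in line:
            key, _, val = line.partition("=")
            val = val.strip()
            values[key.strip()] = int(val) if re.fullmatch(r"-?\d+", val) else val
    return values


def strong_local_policy(export_text):
    """Sub-control 'strong local password policy enabled'.

    Returns (passed, findings). Missing keys count as 0, i.e. failing, so an
    export without the section does not silently pass."""
    policy = parse_system_access(export_text)
    findings = []
    length = policy.get("MinimumPasswordLength", 0)
    if length < MIN_LENGTH:
        findings.append(f"MinimumPasswordLength={length}, required >= {MIN_LENGTH}")
    if policy.get("PasswordComplexity", 0) != 1:
        findings.append("PasswordComplexity is not enabled")
    return (not findings), findings


# Constructed inventory: (asset name, NT hash of its local Administrator).
# Hash values are invented; they only need to be equal where the password is.
ASSET_HASHES = [
    ("ws-001", "0123456789abcdef0123456789abcdef"),
    ("ws-002", "fedcba9876543210fedcba9876543210"),
    ("ws-003", "0123456789ABCDEF0123456789ABCDEF"),  # same as ws-001, upper case
    ("ws-004", "11111111222222223333333344444444"),
    ("ws-005", "0123456789abcdef0123456789abcdef"),  # same as ws-001
    ("srv-001", "55555555666666667777777788888888"),
]


def shared_password_groups(asset_hashes):
    """Sub-control 'unique password': assets grouped by identical hash.

    NT hashes are unsalted, so accounts with the same password have the same
    hash; any group larger than one is a shared password."""
    by_hash = defaultdict(list)
    for asset, nt_hash in asset_hashes:
        by_hash[nt_hash.lower()].append(asset)
    return {h: sorted(assets) for h, assets in by_hash.items() if len(assets) > 1}


def unique_password_summary(asset_hashes):
    """Counts in the form the screenshot reports: total, unique, shared."""
    shared = sum(len(a) for a in shared_password_groups(asset_hashes).values())
    return {"total": len(asset_hashes), "unique": len(asset_hashes) - shared, "shared": shared}


if __name__ == "__main__":
    for name, export in (("weak", SECEDIT_WEAK), ("strong", SECEDIT_STRONG)):
        ok, findings = strong_local_policy(export)
        print(f"{name}: {'PASS' if ok else 'FAIL'} {findings}")
    print(unique_password_summary(ASSET_HASHES))
    for nt_hash, assets in shared_password_groups(ASSET_HASHES).items():
        print(f"shared password {nt_hash[:8]}...: {', '.join(assets)}")
```

The hash comparison works because NT hashes are unsalted: equal passwords give equal hashes, which is also exactly why a shared local password lets a credential dumped from one asset be replayed on every other asset in the group. Reading those hashes assumes the collector has SYSTEM-level access to each machine's SAM; the policy check only needs the secedit export, which any local administrator can produce.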
Why is this particular control important?
If a password can be easily guessed or cracked, whoever discovers it can log on to your system and, through it, your network, and do whatever that account allows. Your laptop may not hold the valuable information attackers are after, but it is the entry point to the network from which they can look for more valuable items such as financial data, customer records, or credit card information. Enforcing a password policy is a relatively low-effort control designed to stop that attack before it starts. As Ben Franklin said, "an ounce of prevention is worth a pound of cure."