Controls/EDCA-IAC-021.json
{
"id": "EDCA-IAC-021", "title": "Mobile device mailbox policy requires an alphanumeric password", "description": "The AlphanumericPasswordRequired property on the default mobile device mailbox policy MUST be True. Requiring alphanumeric (mixed letters and digits) passwords is more secure than numeric-only PINs and reduces brute-force risk. The CIS benchmark requires alphanumeric passwords.", "verify": true, "subject": "Organization", "category": "Identity and Access Control", "severity": "Medium", "severityWeight": 5, "frameworks": [ "Best Practice", "CIS" ], "references": [ { "name": "CIS 3.8 (L1): Ensure Require alphanumeric password is set to True", "url": "https://www.cisecurity.org/benchmark/microsoft_exchange_server" }, { "name": "Mobile device mailbox policies in Exchange Server", "url": "https://learn.microsoft.com/exchange/clients/exchange-activesync/mobile-device-mailbox-policies" } ], "remediation": { "automatable": true, "description": "Require alphanumeric passwords in the default mobile device mailbox policy.", "scriptTemplate": "# Require alphanumeric passwords in the default mobile device mailbox policy.\nSet-MobileDeviceMailboxPolicy -Identity Default -AlphanumericPasswordRequired $true" }, "considerations": "Alphanumeric passwords must be combined with a minimum password length requirement to be effective, and the setting has no practical effect unless the same policy also requires a device password (PasswordEnabled). The remediation targets only the policy named Default; any other mobile device mailbox policies assigned to mailboxes should be reviewed separately. Note that some devices may display a full keyboard rather than a numeric PIN pad when this is enabled.", "roles": [ "Mailbox" ] } |