Issue
What is the password policy for Security Expert operators, and how can it be configured to meet specific cybersecurity requirements?
Product Line
EcoStruxure Security Expert
Environment
- Security Expert Server
- Security Expert Client
Cause
Some sites require customized password policies to comply with cybersecurity standards. These may include requirements such as:
- Enforcing regular password changes
- Preventing the reuse of previous passwords
- Setting minimum password length
- Requiring strong password complexity
Resolution
Default Password Policy in Security Expert
By default, Security Expert enforces the following password policy for operator accounts:
- Minimum password length: 8 characters
- Password change required: On first login
For more information on Security Expert’s cybersecurity practices, refer to the SX-SRVR Security Expert System Hardening Reference Guide.
Custom Password Policies via Active Directory Integration
Security Expert does not support advanced password policy configuration directly within the client interface. However, enhanced password policies can be enforced by integrating Security Expert with Windows Active Directory.
To implement this:
- Integrate Security Expert with Active Directory
  Follow the steps outlined in Option 1 of the How to Integrate Active Directory with Security Expert article, or Option 2 for full Active Directory integration. See AN 288 Security Expert - Using Active Directory - Integration Guide for additional details.
- Configure Password Policies in Windows Domain
  Once integration is complete, operator accounts managed through Active Directory will adhere to the domain’s password policy. This allows you to enforce:
  - Password expiration intervals
  - Password history restrictions
  - Minimum and maximum password lengths
  - Complexity requirements (uppercase, lowercase, numbers, symbols)
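Once operators authenticate through Active Directory, the policy that actually applies to an operator account can be checked against the site's requirements. The PowerShell below is an added example, not part of the original article or of Schneider Electric documentation; it uses the standard ActiveDirectory module cmdlets, and the baseline values and the account name `sx.operator` are assumptions to replace with your own.

```powershell
# Added example: audit the password policy that applies to an AD-backed operator.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Site requirements (constructed values, replace with your own standard).
$Baseline = @{
    MinPasswordLength    = 12
    PasswordHistoryCount = 10
    MaxPasswordAgeDays   = 90
    ComplexityEnabled    = $true
}

function Get-EffectivePasswordPolicy {
    param([Parameter(Mandatory)] [string] $SamAccountName)
    # A fine-grained policy (PSO) overrides the domain default when one applies.
    $pso = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    if ($pso) { return $pso }
    return Get-ADDefaultDomainPasswordPolicy
}

function Test-PasswordPolicy {
    param([Parameter(Mandatory)] $Policy, [Parameter(Mandatory)] [hashtable] $Baseline)
    $findings = @()
    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "Minimum length $($Policy.MinPasswordLength) is below $($Baseline.MinPasswordLength)."
    }
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "History count $($Policy.PasswordHistoryCount) is below $($Baseline.PasswordHistoryCount)."
    }
    # A MaxPasswordAge of zero means passwords never expire.
    $maxDays = $Policy.MaxPasswordAge.TotalDays
    if ($maxDays -eq 0 -or $maxDays -gt $Baseline.MaxPasswordAgeDays) {
        $findings += "Maximum password age ($maxDays days, 0 = never expires) exceeds $($Baseline.MaxPasswordAgeDays) days."
    }
    if ($Baseline.ComplexityEnabled -and -not $Policy.ComplexityEnabled) {
        $findings += "Complexity requirements are not enabled."
    }
    return $findings
}

# 'sx.operator' is a hypothetical operator account name.
$policy   = Get-EffectivePasswordPolicy -SamAccountName 'sx.operator'
$findings = @(Test-PasswordPolicy -Policy $policy -Baseline $Baseline)
if ($findings.Count -eq 0) {
    Write-Output 'Effective password policy meets the baseline.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```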