Establish secure defaults

Last revision (mm/dd/yy): //

Description
There are many ways to deliver an “out of the box” experience for users. However, by default, the experience should be secure, and it should be up to the user to reduce their security – if they are allowed. It is imperative for the software environment to have default secure settings which may be opted out of by the user or other options which may be opted into (commonly known as Opt-in and Opt-out).

For example, by default, password aging and complexity should be enabled. Users might be allowed to turn these two features off(Opt-out) to simplify their use of the application and increase their risk.

Short example name

 * A short example description, small picture, or sample code with links

Short example name

 * A short example description, small picture, or sample code with links

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerabiltiy 2

Related Controls

 * Controls 1
 * Controls 2