Published: 06 January 2020
Analyst(s): Consult the Board Research Team
This summary contains input from nine members regarding their policies on updating default passwords for vendor applications and hardware. The summary begins by describing various controls that members deploy for managing the risk introduced by default vendor passwords, including administrative, detective, and preventative controls. It outlines the additional methods that members adopt for managing such risks and closes by studying members' processes in use to monitor compliance with policies and procedures related to managing default vendor passwords.
Guiding Principles on Independence and Objectivity.