Default Passwords on any piece of hardware or software are changed before deployment.
Specification
Universal and/or default passwords must not be used.
For existing systems that have built-in default passwords, these can only be used once, after the first login it must be changed.
ISO 27001 & 27002:2022
A5.8,
A5.36,
A5.37
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.01 Security Baselines