Sql-server – ISO 27001 – resetting passwords for SQL Server accounts

Tags: authentication, password, sql server, sql server 2014

We are implementing security changes in order to pass an ISO 27001 audit.
We are in the process of setting all domain accounts (user accounts, admin accounts, service accounts) to have their passwords changed automatically by our information security management system (Thycotic).

The question is, do we need to also change the non-domain SQL Server authentication accounts (such as the "SA" accounts) and if so do you know of a way to do this?

Is it standard to reset the passwords for these SQL Server authentication accounts?

Best Answer

The ISO/IEC 27001:2013 paper Information technology -- Security techniques -- Information security management systems -- Requirements is a standard that:

...specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

If this standard defines that you should change the passwords every so often to ensure security, then by all means go ahead and do this.

Regarding SQL Server

Changing the password of an account is as simple as logging in to the instance and setting off the command:

-- ALTER LOGIN uses WITH PASSWORD, not SET PASSWORD; no OLD_PASSWORD is needed
-- when the caller holds ALTER ANY LOGIN (e.g. a sysadmin).
ALTER LOGIN [sa] WITH PASSWORD = 'ThisIsMyN3wSecurePassw0rd';
GO

Answering Your Question

Is it standard to reset the passwords for these SQL Server authentication accounts?

There are no standards regarding resetting the [sa] login's (or, for that matter, any other SQL Server authenticated account's) password.

But if you want to abide by the standards laid out in ISO/IEC 27001:2013 then you probably should change the SQL Server authenticated accounts' passwords at regular intervals.

regular: existing or happening repeatedly in a fixed pattern, with equal or similar amounts of space or time between one and the next; even:

Reference: regular (Cambridge Dictionary)

That means that once a year can be considered regular.
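The answer above shows the single ALTER LOGIN statement. To actually run a rotation process on an instance you also need to know which SQL-authenticated logins exist and how old their passwords are, since the domain-account rotation done by Thycotic does not touch them. The following T-SQL is an added example, not part of the original answer: it inventories SQL logins from sys.sql_logins with their password age via LOGINPROPERTY, then rotates one of them. The @MaxAgeDays value, the '<generated-by-secret-manager>' placeholder and the [sa] target are assumptions for illustration; the caller is assumed to hold ALTER ANY LOGIN (sysadmin) on SQL Server 2005 or later.

```sql
-- Added example (not from the original answer): inventory SQL-authenticated
-- logins, flag those whose password is older than the rotation interval,
-- then rotate one. Assumes ALTER ANY LOGIN permission; sys.sql_logins and
-- LOGINPROPERTY are available from SQL Server 2005 onward (used on 2014 here).

DECLARE @MaxAgeDays int = 365;   -- assumed rotation interval ("once a year")

-- 1. Inventory: every SQL-authenticated login (Windows/domain principals are
--    not in sys.sql_logins), when its password was last set, and whether the
--    host's Windows password policy and expiry are enforced for it.
SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,         -- 1 = Windows password policy (complexity/lockout) enforced
    l.is_expiration_checked,     -- 1 = Windows password expiry enforced
    CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime) AS password_last_set,
    DATEDIFF(day,
             CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime),
             GETDATE())          AS age_days,
    CASE WHEN DATEDIFF(day,
             CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime),
             GETDATE()) > @MaxAgeDays THEN 1 ELSE 0 END AS needs_rotation
FROM sys.sql_logins AS l
WHERE l.name NOT LIKE '##%'     -- skip the internal certificate-based logins
ORDER BY age_days DESC;

-- 2. Rotate: set a new password without knowing the old one (possible because
--    the caller has ALTER ANY LOGIN). CHECK_POLICY = ON makes the login subject
--    to the host's Windows password policy, which is what an auditor will look
--    for next to the rotation itself. Replace the placeholder with a value
--    produced by the secret manager (assumed), never a hand-typed string.
ALTER LOGIN [sa] WITH PASSWORD = N'<generated-by-secret-manager>', CHECK_POLICY = ON;

-- 3. Verify: PasswordLastSetTime now reflects the rotation, so re-running
--    step 1 shows age_days = 0 and needs_rotation = 0 for this login.
SELECT CAST(LOGINPROPERTY('sa', 'PasswordLastSetTime') AS datetime) AS password_last_set;
```

Run step 1 on its own first; it is read-only and gives the list of logins that the domain-account rotation in Thycotic will never cover. Step 2 is the per-login change the secret manager should drive, and step 3 is the evidence the audit trail needs that the change actually happened.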