UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure the application prevents the creation of duplicate accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6131 APP3380 SV-6131r1_rule IAIA-1 Medium
Description
Duplicate user accounts can create a situation where multiple users will be mapped to a single account. These duplicate user accounts may cause users to assume other users roles and privilege escalation. If user IDs are not unique and individual, user activity may not be accurately audited and unauthorized activity may not be seen by the audit system.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-2945r1_chk )
If the user accounts used in the application are only operating system or database accounts, this check is Not Applicable.

Identify duplicate userids. If these are not available, sort the list by the user name and, if applicable, associated ID number so that duplicates will be contiguous and thus easier to locate.

1) If any duplicates user accounts are discovered, it is a finding.

The finding details should specify the duplicates by name, unless they are too numerous to document, in which case a numerical count of the IDs is more appropriate.
Fix Text (F-17029r1_fix)
Remove duplicate user accounts.