The designer will ensure the application installs with unnecessary accounts disabled, or deleted, by default.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16799 | APP3370 | SV-17799r1_rule | IAIA-1 | Medium |
| Description |
|---|
| Unnecessary accounts should be disabled to limit the number of entry points for attackers to gain access to the system. Removing unnecessary accounts also limits the number of users and passwords the system administrator must maintain. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-17795r1_chk ) |
|---|
| Ask the application representative what system accounts are installed/created and/or enabled by default upon installation of the application. 1) If the application installs/creates/enables accounts that are not needed in order for the application to operate, it is a finding. |
| Fix Text (F-17028r1_fix) |
|---|
| Remove or disable unneeded accounts. |