UCF STIG Viewer Logo

The IAO will ensure the application's users do not use shared accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16849 APP6230 SV-17849r1_rule IAGA-1 Medium
Description
Group or shared accounts for application access may be used only in conjunction with an individual authenticator. Group accounts do not allow for proper auditing of who is accessing the application and security incidents cannot be attributed to specific individuals.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-17862r1_chk )
Ask the application representative if a group of users share login information to the system.

1) If an account that belongs to a group that can login to the system, this is a finding.

2) If there is a login shared by more than one user, this is a finding.
Fix Text (F-17171r1_fix)
Remove group or shared accounts.