Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16849 | APP6230 | SV-17849r1_rule | IAGA-1 | Medium |
Description |
---|
Group or shared accounts for application access may be used only in conjunction with an individual authenticator. Group accounts do not allow for proper auditing of who is accessing the application and security incidents cannot be attributed to specific individuals. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17862r1_chk ) |
---|
Ask the application representative if a group of users share login information to the system. 1) If an account that belongs to a group that can login to the system, this is a finding. 2) If there is a login shared by more than one user, this is a finding. |
Fix Text (F-17171r1_fix) |
---|
Remove group or shared accounts. |