
The designer will ensure the application prevents the creation of duplicate accounts.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6131 APP3380 SV-6131r1_rule IAIA-1 Medium
Description
Duplicate user accounts can create a situation where multiple users are mapped to a single account. These duplicate user accounts may allow users to assume other users' roles, resulting in privilege escalation. If user IDs are not unique and individual, user activity may not be accurately audited and unauthorized activity may not be seen by the audit system.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-2945r1_chk )
If the user accounts used in the application are only operating system or database accounts, this check is Not Applicable.

Identify duplicate userids. If these are not available, sort the list by the user name and, if applicable, associated ID number so that duplicates will be contiguous and thus easier to locate.

1) If any duplicate user accounts are discovered, it is a finding.

The finding details should specify the duplicates by name, unless they are too numerous to document, in which case a numerical count of the IDs is more appropriate.
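
The check above can be run over an exported account list with a short script. This is an added example, not part of the STIG: the CSV column names (username, id_number), the case- and whitespace-insensitive name comparison, and the max_named cut-off for "too numerous to document" are all assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions.
SAMPLE = """username,id_number
alice,1001
bob,1002
Alice,1003
carol,1002
dave,1004
bob ,1005
"""

def find_duplicates(csv_text):
    """Group accounts that share a user name or an ID number."""
    by_name, by_id = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["username"] or ""
        id_no = (row["id_number"] or "").strip()
        # Assumption: names differing only by case or padding are one name.
        by_name[name.strip().casefold()].append((name, id_no))
        if id_no:
            by_id[id_no].append((name, id_no))

    def only_dups(groups):
        # Sorted keys keep the report stable and duplicates contiguous.
        return {k: v for k, v in sorted(groups.items()) if len(v) > 1}

    return only_dups(by_name), only_dups(by_id)

def finding_details(csv_text, max_named=25):
    """Name the duplicates, or give a count when there are too many.

    max_named is an assumed cut-off for "too numerous to document".
    """
    by_name, by_id = find_duplicates(csv_text)
    total = len(by_name) + len(by_id)
    if total == 0:
        return "Not a finding: no duplicate user accounts."
    if total > max_named:
        return f"Finding: {total} duplicated user names or ID numbers."
    lines = ["Finding: duplicate user accounts"]
    for label, groups in (("user name", by_name), ("ID number", by_id)):
        for key, accounts in groups.items():
            listed = ", ".join(f"{n!r} (ID {i})" for n, i in accounts)
            lines.append(f"  {label} {key}: {listed}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(finding_details(SAMPLE))
```

On the constructed sample this reports two duplicated names (alice, bob) and one shared ID number (1002), which a plain case-sensitive sort would partly miss.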
Fix Text (F-17029r1_fix)
Remove duplicate user accounts.