Users are not required to change their password during their first session.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7956	DSN13.01	SV-8442r1_rule	ECSC-1 IAIA-1 IAIA-2	Medium

Description
Requirement: The IAO will ensure that user passwords are assigned with the requirement for the user to change their password at first logon. The ISSO/IAO will assign passwords (typically a default) to new users of DSN components. The user will be required to change this assigned password during their first session. This gives the user full accountability for a session opened in their name since the IAO will no longer know the user’s password. If this is not technically feasible, the IAO should implement and enforce a policy that requires a manual change of passwords at the first logon.

Description

Requirement: The IAO will ensure that user passwords are assigned with the requirement for the user to change their password at first logon. The ISSO/IAO will assign passwords (typically a default) to new users of DSN components. The user will be required to change this assigned password during their first session. This gives the user full accountability for a session opened in their name since the IAO will no longer know the user’s password. If this is not technically feasible, the IAO should implement and enforce a policy that requires a manual change of passwords at the first logon.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7373r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.

Fix Text (F-7968r1_fix)
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.