UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ISSO/IAO has not recorded the passwords of high level users (ADMIN) used on DSN components and stored them in a secure or controlled manner.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7965 DSN13.14 SV-8451r1_rule ECSC-1 IAIA-1 IAIA-2 Medium
Description
Requirement: The IAO will ensure that no user (to include Administrator) is permitted to retrieve the password of any user in clear text. Passwords should be recorded and stored in a secure location for emergency use. This helps prevent time consuming password recovery techniques and denial of administrator access, in the event a password is forgotten or the individual with the access is incapacitated. The passwords of high level users should be recorded and controlled so that the ISSO/IAO would be able to gain high level access if an unforeseen situation occurred that prevented the high level user to perform their duties.
STIG Date
Defense Switched Network STIG 2015-01-02

Details

Check Text ( C-7690r1_chk )
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable.
Fix Text (F-7540r1_fix)
Record the passwords of high level users and store in a controlled manner.