Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7965 | DSN13.14 | SV-8451r1_rule | ECSC-1 IAIA-1 IAIA-2 | Medium |
Description |
---|
Requirement: The IAO will ensure that no user (to include Administrator) is permitted to retrieve the password of any user in clear text. Passwords should be recorded and stored in a secure location for emergency use. This helps prevent time consuming password recovery techniques and denial of administrator access, in the event a password is forgotten or the individual with the access is incapacitated. The passwords of high level users should be recorded and controlled so that the ISSO/IAO would be able to gain high level access if an unforeseen situation occurred that prevented the high level user to perform their duties. |
STIG | Date |
---|---|
Defense Switched Network STIG | 2015-01-02 |
Check Text ( C-7690r1_chk ) |
---|
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable. |
Fix Text (F-7540r1_fix) |
---|
Record the passwords of high level users and store in a controlled manner. |