UCF STIG Viewer Logo

Authentication is not required for every session requested.


Overview

Finding ID Version Rule ID IA Controls Severity
V-7992 DSN18.07 SV-8478r1_rule ECSC-1 Medium
Description
Requirement: The IAO will ensure that identification and authentication is required for every session requested in accordance with I&A / password policy. Authentication is a measure used to verify the eligibility of a subject and the ability of that subject to access certain information. Authentication protects against the fraudulent use of a system or the deceptive transmission of information. All users must be authenticated prior to every authorized session allowing system access. This is necessary to ensure that no unauthorized sessions are granted.
STIG Date
Defense Switched Network STIG 2015-01-02

Details

Check Text ( C-7373r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.
Fix Text (F-7567r1_fix)
Ensure that all interfaces to the DSN component require authentication before a session is granted.