Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7958 | DSN13.03 | SV-8444r1_rule | ECSC-1 IAIA-1 IAIA-2 | Medium |
Description |
---|
Requirement: The IAO will ensure that shared user accounts will not be used. Unless the use of shared user accounts is operationally essential and/or the device in question does not support multiple accounts. The identity of users of DSN components need to be available to the ISSO/IAO through the use of unique usernames assigned to each user. This ensures that the ISSO/IAO is able to hold users accountable for their actions through the analysis of audit records. This type of accountability cannot be accomplished if shared accounts are used. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2015-06-30 |
Check Text ( C-7378r1_chk ) |
---|
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. |
Fix Text (F-7533r1_fix) |
---|
Document shared accounts - i.e., Keep a record of the human user and their assigned username. Shared accounts will only be used if required out of operational necessity and documented by the ISSO/IAO. |