UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All system administrative and maintenance user accounts are not documented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8556 DSN06.06 SV-9053r1_rule ECSC-1 Low
Description
Requirement: The IAO will document all system administrative and maintenance user accounts. It is imperative that the IAO and SA is aware of all administrative and maintenance accounts that are configured on the system. These accounts must be documented and validated against the roster of SAs and maintenance users that are approved for access to the system. Un-needed accounts provide a means of compromise.Additionally, for each user / allowable account, the privileges, roles, and allowable commands for the account must be documented.
STIG Date
Defense Switched Network (DSN) STIG 2015-06-30

Details

Check Text ( C-7690r1_chk )
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable.
Fix Text (F-7968r1_fix)
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.