Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7956 | DSN13.01 | SV-8442r1_rule | ECSC-1 IAIA-1 IAIA-2 | Medium |
Description |
---|
Requirement: The IAO will ensure that user passwords are assigned with the requirement for the user to change their password at first logon. The ISSO/IAO will assign passwords (typically a default) to new users of DSN components. The user will be required to change this assigned password during their first session. This gives the user full accountability for a session opened in their name since the IAO will no longer know the user’s password. If this is not technically feasible, the IAO should implement and enforce a policy that requires a manual change of passwords at the first logon. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2015-08-11 |
Check Text ( C-7373r1_chk ) |
---|
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable. |
Fix Text (F-7968r1_fix) |
---|
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy. |