Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7957 | DSN13.02 | SV-8443r1_rule | ECSC-1 IAIA-1 IAIA-2 | High |
Description |
---|
Requirement: The IAO will ensure that all system default passwords and user names are changed prior to connection to the DSN. Systems not protected with strong password schemes provide the opportunity for anyone to crack the password, gain access to the system, and cause information damage, or denial of service. Default user accounts and passwords must be changed prior to any user connection to a DSN system. This will prevent commonly known and used user accounts from being used by unauthorized users. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2017-01-19 |
Check Text ( C-7338r1_chk ) |
---|
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc as applicable. |
Fix Text (F-7532r1_fix) |
---|
Delete / change default accts and passwords - Check the component or system for default vendor accounts and passwords. If possible, delete or rename the account and change the default password. |