Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-8556 | DSN06.06 | SV-9053r1_rule | ECSC-1 | Low |
Description |
---|
Requirement: The IAO will document all system administrative and maintenance user accounts. It is imperative that the IAO and SA is aware of all administrative and maintenance accounts that are configured on the system. These accounts must be documented and validated against the roster of SAs and maintenance users that are approved for access to the system. Un-needed accounts provide a means of compromise.Additionally, for each user / allowable account, the privileges, roles, and allowable commands for the account must be documented. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2017-01-19 |
Check Text ( C-7690r1_chk ) |
---|
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable. |
Fix Text (F-7968r1_fix) |
---|
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy. |