Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-26564 | WIR-WMS-GD-011 | SV-33591r1_rule | IAIA-1 IATS-1 | High |
Description |
---|
CTO 07-15Rev1 requires administrator accounts use either CAC authentication or use complex passwords to ensure strong access control is enforced. |
STIG | Date |
---|---|
Good Mobility Suite Server (Android OS) Security Technical Implementation Guide | 2011-12-14 |
Check Text ( C-34053r1_chk ) |
---|
Detailed Policy Requirements: One of the following authentications methods must be enforced for system administrator accounts: 1. CAC authentication. 2. The account password must be compliant with CTO 07-15 Rev1. –Password must be a 14+ character complex password consisting of at least 2 of the following: upper case letter, lower case letter, numbers, and special characters. The password must be changed every 60 days. Check Procedures: The Good messaging server uses Active Directory authentication for admin accounts to the management console. Site admin accounts are usually set up with a user ID/password authentication rather than CAC authentication. Therefore, verify the site AD is set up to require admin accounts to use passwords meeting the requirements of CTO 07-15Rev1. Discuss with the Network and AD reviewer and site IAO to verify compliance. Mark as a finding if site admin accounts do not meet the requirements. |
Fix Text (F-29731r1_fix) |
---|
Configure required authentication on system administration accounts for wireless management servers. |