
The IDPS must automatically terminate emergency accounts after an organizationally defined time period.


Overview

Finding ID: SRG-NET-000003-IDPS-000022
Version: SRG-NET-000003-IDPS-000022
Rule ID: SRG-NET-000003-IDPS-000022_rule
IA Controls:
Severity: Low
Description
Authentication for administrative access to the device is required at all times. A single account can be created on the device's local data management console for use in an emergency, such as when the authentication server is down or connectivity between the device and the authentication server is not operable. The emergency account logon credentials must be stored in a sealed envelope and kept in a safe. There is a risk that the emergency account may remain in place and active after the vendor support team has left. This requirement applies to emergency accounts created on the device's local data management console for use in such an emergency.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43140_chk)
Verify the IDPS is capable of setting automatic expiration for emergency accounts.
Verify account settings are configured to automatically terminate emergency accounts.

If the IDPS components do not automatically terminate emergency accounts after an organizationally defined time period, this is a finding.
Fix Text (F-43140_fix)
Delete all emergency accounts that are no longer needed.
Configure the IDPS to automatically terminate emergency accounts after an organizationally defined time period.