The IDPS must automatically audit the creation of accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000005-IDPS-000028 | SRG-NET-000005-IDPS-000028 | SRG-NET-000005-IDPS-000028_rule | Low |
| Description |
|---|
| Account management and distribution is vital to the security of any IDPS. Account management by a designated authority ensures access to the IDPS is being controlled in a secured manner by granting access to only authorized personnel with the appropriate and necessary privileges. It is imperative that all personnel who are granted accounts have completed and submitted the proper request forms and have been approved by the designated authority. Auditing account creation and modification provides the necessary reconciliation that account management procedures are being followed. To support the auditing requirement, the IDPS must create an audit trail by logging account creation events. Without this audit trail, personnel without the proper security clearance may gain access to critical network nodes. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43146_chk ) |
|---|
| Navigate to the event log configuration or the account creation module on the management console. Verify the system is configured to log all account creation events. If account creation events are not logged, this is a finding. |
| Fix Text (F-43146_fix) |
|---|
| Configure the IDPS to log all account creation events. |