Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000143-IDPS-000133 | SRG-NET-000143-IDPS-000133 | SRG-NET-000143-IDPS-000133_rule | | Medium |
Description |
---|
To assure individual accountability and prevent unauthorized access, organizational users shall be individually identified and authenticated. Sharing group accounts on any device is prohibited. If group accounts are not changed when an individual leaves the group, that person could gain control of the network device. However, there are times when group accounts are deemed mission essential. The security architecture of the IDPS and any installed applications must allow use of an individual authenticator (e.g., AAA server or Active Directory authentication) prior to using a group authenticator. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text (C-43268_chk) |
---|
Ask if group accounts are used to access or operate (use installed applications). Observe several administrators logging in and note the process for using group accounts. If group accounts are used without first logging in with individual credentials, this is a finding. |
Fix Text (F-43268_fix) |
---|
Configure the system to require individual credentials for each user. Verify group authenticators are mission essential or necessary for the operation of the system. |