The IDPS must obscure feedback of authentication information during the authentication process to protect the information from possible use by unauthorized individuals.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000167-IDPS-000155 | SRG-NET-000167-IDPS-000155 | SRG-NET-000167-IDPS-000155_rule | Medium |
| Description |
|---|
| Authorization for access to any IDPS requires an approved and assigned individual account identifier. To ensure that only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined frequency. During the authentication process, malicious users can gain knowledge of passwords during authentication process by sniffing local traffic between the IDPS and the authentication server or even walking by a user logging on and viewing what had been keyed in. It is imperative the IDPS prevents any form of authentication feedback that can be used to learn account passwords. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43294_chk ) |
|---|
| View the password configuration. Verify system is configured to obscure feedback of authentication information during the authentication process. If passwords do not use a FIPS-validated encryption module, this is a finding. |
| Fix Text (F-43294_fix) |
|---|
| Configure the authentication function to obscure feedback of authentication information during the authentication process. |