
The IDPS must automatically terminate temporary accounts after an organizationally defined time period for each type of account.


Overview

Finding ID: V-34463
Version: SRG-NET-000002-IDPS-00002
Rule ID: SV-45186r1_rule
IA Controls:
Severity: Medium
Description
Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation. Temporary accounts are not to be confused with infrequently used accounts (e.g., local login accounts used for special tasks defined by organizations or when network resources are unavailable). Such accounts remain available and are not subject to automatic termination dates. If these accounts remain active when no longer needed, they may be used to gain unauthorized access. The risk is greater for the IDPS since these accounts have elevated privileges. To mitigate this risk, automated termination of all temporary accounts must be set upon account creation. This requirement is applicable for accounts created or maintained using the IDPS application itself rather than the underlying OS or an authentication server. Accounts created and maintained on AAA devices (e.g., RADIUS, LDAP, or Active Directory) are secured using the applicable security guide or STIG.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42532r1_chk)
If the site's security plan does not permit the use of temporary accounts for access to the IDPS, this is not a finding.
Review the IDPS to ensure the system is configured to automatically terminate temporary accounts after an organizationally defined time period.

If the IDPS components do not automatically terminate temporary accounts after an organizationally defined time period based on the type of account, this is a finding.
Fix Text (F-38579r1_fix)
Configure the IDPS to automatically terminate temporary accounts after an organizationally defined time period based on the type of account.