Emergency accounts are established in response to crisis situations where rapid account activation is required. Because of that urgency, emergency account activation may bypass normal account authorization processes. Emergency accounts are not to be confused with infrequently used accounts (e.g., local login accounts used for special tasks defined by organizations or when network resources are unavailable); such accounts remain available and are not subject to automatic termination dates.
If these accounts remain active when no longer needed, they may be used to gain unauthorized access. The risk is greater for the IDPS since these accounts have elevated privileges. To mitigate this risk, automated termination of all emergency accounts must be set upon account creation.
This requirement is applicable for accounts created or maintained using the IDPS application itself rather than the underlying OS or an authentication server. Accounts created and maintained on AAA devices (e.g., RADIUS, LDAP, or Active Directory) are secured using the applicable security guide or STIG.