UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must notify the appropriate individuals when accounts are created.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34467 SRG-NET-000006-IDPS-00006 SV-45193r1_rule Low
Description
Because the accounts used to access the IDPS components are privileged or system level accounts, account management is vital to the security of the system. In order to detect and respond to events affecting user accessibility and IDPS service processing, the system must audit account creation and, when required, notify the appropriate individuals, so they can investigate the event to ensure its validity. Such a capability greatly reduces the risk of unauthorized access to the system and provides logging that can be used for forensic purposes. This requirement is applicable for accounts created or maintained using the IDPS application itself rather than the underlying OS or an authentication server. Accounts created and maintained on AAA devices (e.g., RADIUS, LDAP, or Active Directory) are secured using the applicable security guide or STIG.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42540r1_chk )
Verify the list of configured alerts includes a notice for account creation.
Verify the notice is sent to appropriate individuals.
If there is not a viewable configurable option, request the administrator create an account and validate that notifications are sent to the appropriate individuals.

If the system is not configured to notify the appropriate individuals when accounts are created, this is a finding.
Fix Text (F-38588r1_fix)
Configure the management console to send a notification message to appropriate individuals (e.g., designated system administrators and/or account holder) when accounts are created.