
The IDPS must notify the appropriate individuals for account termination.


Overview

Finding ID: V-34473
Version: SRG-NET-000012-IDPS-00012
Rule ID: SV-45199r1_rule
IA Controls: (none)
Severity: Low
Description
Account management by a designated authority ensures that access to the IDPS is controlled by granting access only to authorized personnel with the appropriate and necessary privileges. Automatic notification of account termination to appropriate individuals will provide the necessary reconciliation that account management procedures are being followed. It is also vital that the termination of accounts is monitored to ensure authorized accounts remain active and available for use when required.

This requirement is applicable for accounts created or maintained using the IDPS application itself rather than the underlying OS or an authentication server. Accounts created and maintained on AAA devices (e.g., RADIUS, LDAP, or Active Directory) are secured using the applicable security guide or STIG. For the IDPS, notifying designated system administrators and the account owner will provide an alert so that the account can be re-enabled if it was disabled by mistake.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42547r2_chk)
Verify the list of configured alerts includes a notice for account termination events to appropriate individuals (e.g., system administrator, account owner).
If there is not a viewable, configurable option, request that the administrator terminate an account and verify that notification is sent to the appropriate individuals.

If the system is not configured to notify appropriate individuals when an account has been terminated, this is a finding.
Fix Text (F-38595r2_fix)
Configure the management console to send an alert to appropriate individuals (e.g., system administrator, account owner) when accounts are terminated.