The IDPS must support the organizational requirement to ensure individuals are authenticated with an individual authenticator prior to using a group authenticator.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34637 | SRG-NET-000143-IDPS-00105 | SV-45512r1_rule | Medium |
| Description |
|---|
| To assure individual accountability and prevent unauthorized access, organizational users (and any processes acting on behalf of users) must be individually identified and authenticated. Sharing group accounts on any device is prohibited. If group accounts are not changed when individuals leave the group, that person could gain control of the network device. However, there are times when they are deemed mission essential. The security architecture of the IDPS and any installed applications must allow use of an individual authenticator (e.g., AAA server or Active Directory authentication) prior to using individual authentications. Group authenticators must be necessary for the operation of the system. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42861r1_chk ) |
|---|
| If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the IDPS application itself, this is not a finding. Review the IDPS account management configuration and settings to determine if all individuals authorized access to the system have an individual account and that account is required to gain access to the system prior to the use of a group account. If group authentication does not require prior individual authentication, this is a finding. |
| Fix Text (F-38909r1_fix) |
|---|
| Configure the IDPS to require individuals to authenticate with an individual authenticator prior to using a group authenticator. |