The IDPS must support the organizational requirement to ensure individuals are authenticated with an individual authenticator prior to using a group authenticator.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34637	SRG-NET-000143-IDPS-00105	SV-45512r1_rule		Medium

Description
To assure individual accountability and prevent unauthorized access, organizational users (and any processes acting on behalf of users) must be individually identified and authenticated. Sharing group accounts on any device is prohibited. If group accounts are not changed when individuals leave the group, that person could gain control of the network device. However, there are times when they are deemed mission essential. The security architecture of the IDPS and any installed applications must allow use of an individual authenticator (e.g., AAA server or Active Directory authentication) prior to using individual authentications. Group authenticators must be necessary for the operation of the system.

Description

To assure individual accountability and prevent unauthorized access, organizational users (and any processes acting on behalf of users) must be individually identified and authenticated. Sharing group accounts on any device is prohibited. If group accounts are not changed when individuals leave the group, that person could gain control of the network device. However, there are times when they are deemed mission essential. The security architecture of the IDPS and any installed applications must allow use of an individual authenticator (e.g., AAA server or Active Directory authentication) prior to using individual authentications. Group authenticators must be necessary for the operation of the system.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42861r1_chk )
If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the IDPS application itself, this is not a finding. Review the IDPS account management configuration and settings to determine if all individuals authorized access to the system have an individual account and that account is required to gain access to the system prior to the use of a group account. If group authentication does not require prior individual authentication, this is a finding.

Check Text ( C-42861r1_chk )

If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the IDPS application itself, this is not a finding.

Review the IDPS account management configuration and settings to determine if all individuals authorized access to the system have an individual account and that account is required to gain access to the system prior to the use of a group account.

If group authentication does not require prior individual authentication, this is a finding.

Fix Text (F-38909r1_fix)
Configure the IDPS to require individuals to authenticate with an individual authenticator prior to using a group authenticator.