Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55041 | SRG-APP-000025-NDM-000207 | SV-69287r1_rule | | Medium |
Description |
---|
Since the accounts in the network device are privileged or system-level accounts, account management is vital to the security of the network device. Inactive accounts could be reactivated or compromised by unauthorized users, allowing exploitation of vulnerabilities and undetected access to the network device. This control does not include emergency administration accounts, which are meant for access to the network device components in case of network failure. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2015-12-20 |
Check Text (C-55663r1_chk) |
---|
Review the network device configuration to determine if it automatically disables accounts after 35 days of inactivity or is configured to use an authentication server which would perform this function. If accounts are not automatically disabled after 35 days of inactivity, this is a finding. |
Fix Text (F-59907r1_fix) |
---|
Configure the network device or its associated authentication server to automatically disable accounts after 35 days of inactivity. |