UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must generate alerts that can be forwarded to the administrators and IAO when accounts are removed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55193 SRG-APP-000294-NDM-000278 SV-69439r1_rule Medium
Description
When application accounts are removed, administrator accessibility is affected. Accounts are utilized for identifying individual device administrators or for identifying the device processes themselves. In order to detect and respond to events that affect administrator accessibility and device processing, devices must audit account removal actions and, as required, notify the appropriate individuals so they can investigate the event. Such a capability greatly reduces the risk that device accessibility will be negatively affected for extended periods of time and also provides logging that can be used for forensic purposes.
STIG Date
Network Device Management Security Requirements Guide 2015-12-20

Details

Check Text ( C-55813r1_chk )
Determine if the network device generates alerts that can be forwarded to the administrators and IAO when accounts are removed. This requirement may be verified by demonstration or configuration review. If the network device is configured to use an authentication server which would perform this function, this is not a finding. If alerts are not generated when accounts are removed and forwarded to the administrators and IAO, this is a finding.
Fix Text (F-60057r1_fix)
Configure the network device or its associated authentication server to send a notification message to the administrators and IAO when accounts are removed.