Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55061 | SRG-APP-000075-NDM-000217 | SV-69307r1_rule | Medium |
Description |
---|
Administrators need to be aware of activity that occurs regarding their network device management account. Providing administrators with information regarding the date and time of their last successful login allows them to determine if any unauthorized activity has occurred. This incorporates all methods of login, including, but not limited to, SSH, HTTP, HTTPS, and physical connectivity. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2016-07-07 |
Check Text ( C-55683r1_chk ) |
---|
Determine if the network device is either configured to notify the administrator of the date and time of their last login or configured to use an authentication server which would perform this function. If the administrator is not notified of the date and time of the last login upon successful login, this is a finding. |
Fix Text (F-59927r1_fix) |
---|
Configure the network device to notify the administrator of the date and time of the last login upon successful login. |