Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-55037 | SRG-APP-000023-NDM-000205 | SV-69283r4_rule | Medium |
Description |
---|
If account management functions are not automatically enforced, an attacker could gain privileged access to a vital element of the network security architecture. Account management functions include: assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2017-12-28 |
Check Text ( C-55659r4_chk ) |
---|
Review the device configuration or documentation. Verify device has applications and automated tools for account management functions including: assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. If the network device does not provide automated support for account management functions, this is a finding. |
Fix Text (F-59903r4_fix) |
---|
Configure the network device to provide automated support for account management functions. |