UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO/NSO will ensure the AAA authentication method implements user authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15433 NET0434 SV-16260r1_rule ECSC-1 Medium
Description
Group accounts are not permitted.
STIG Date
Network Devices Security Technical Implementation Guide 2015-09-22

Details

Check Text ( C-14440r1_chk )
Review the AAA server configuration. Attempt to identify suspicious group profile definitions that do not meet the accounts user-id naming convention. Example:supr-user. Below is an example of what an SA profile may be associated.

Group Profile Information
group = rtr_super{
profile_id = 40
profile_cycle = 1
service=shell {
default cmd=permit
cmd=debug {
deny all
permit .*
}
}
}

Below is an example of the user definition that should be assigned with a valid ID, (not rtr-geek). Look for group accounts here:

user = rtr-geek{
profile_id = 45
profile_cycle = 1
member = rtr_super
password = des "********"
}
Fix Text (F-15097r1_fix)
Remove all group profiles from the AAA server.