Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3184 | NET1780 | SV-3184r1_rule | ECSC-1 | Medium |
Description |
---|
Without a formal personnel approval process, unauthorized users may gain access to critical DoD systems. It is imperative that each individual be given only the required access to the required systems and information. The lack of password protection for communications devices gives anyone access to the device, which opens a backdoor opportunity for intruders to attack and manipulate or compromise network resources. Vendors often assign default passwords to communication devices. These default passwords are well known to the hacker community and are extremely dangerous if left unchanged. |
STIG | Date |
---|---|
Network Devices Security Technical Implementation Guide | 2016-09-28 |
Check Text (C-3834r1_chk) |
---|
Review the user database to determine compliance. |
Fix Text (F-3209r1_fix) |
---|
Have the NSO ensure that accounts are created with the lowest privilege necessary to perform their duties. |