UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IAO/NSO will ensure all accounts are assigned the lowest possible level of access/rights necessary to perform their jobs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3184 NET1780 SV-3184r1_rule ECSC-1 Medium
Description
Without a formal personnel approval process, unauthorized users may gain access to critical DoD systems. It is imperitive that only the required access to the required systems and information be provided to each individual. The lack of a password protection for communications devices provides anyone access to the device, which opens a backdoor opportunity for intruders to attack and manipulate or compromise network resources. Vendors often assign default passwords to communication devices. These default passwords are well known to the hacker community and are extremely dangerous if left unchanged.
STIG Date
Network Devices Security Technical Implementation Guide 2018-02-27

Details

Check Text ( C-3834r1_chk )
Review the user database to determine compliance.
Fix Text (F-3209r1_fix)
Have the NSO ensure that accounts are created with the lowest privilege necessary to perform their duties.