The IAO/NSO will ensure all accounts are assigned the lowest possible level of access/rights necessary to perform their jobs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-3184	NET1780	SV-3184r1_rule	ECSC-1	Medium

Description
Without a formal personnel approval process, unauthorized users may gain access to critical DoD systems. It is imperitive that only the required access to the required systems and information be provided to each individual. The lack of a password protection for communications devices provides anyone access to the device, which opens a backdoor opportunity for intruders to attack and manipulate or compromise network resources. Vendors often assign default passwords to communication devices. These default passwords are well known to the hacker community and are extremely dangerous if left unchanged.

Description

Without a formal personnel approval process, unauthorized users may gain access to critical DoD systems. It is imperitive that only the required access to the required systems and information be provided to each individual. The lack of a password protection for communications devices provides anyone access to the device, which opens a backdoor opportunity for intruders to attack and manipulate or compromise network resources. Vendors often assign default passwords to communication devices. These default passwords are well known to the hacker community and are extremely dangerous if left unchanged.

STIG	Date
Network Devices Security Technical Implementation Guide	2018-11-27

Details

Check Text ( C-3834r1_chk )
Review the user database to determine compliance.

Fix Text (F-3209r1_fix)
Have the NSO ensure that accounts are created with the lowest privilege necessary to perform their duties.