The network element must automatically audit account modification.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26715	SRG-NET-000007	SV-33958r1_rule		Medium

Description
Account management and distribution is vital to the security of any network element. Account management by a designated authority ensures access to network elements is being controlled in a secured manner by granting access to only authorized personnel with the appropriate and necessary privileges. Without a formal approval process for the deployment and modification of accounts, personnel without the proper security clearance may gain access to critical network nodes. It is imperative that all personnel who are granted accounts have completed and submitted the proper request forms and have been approved by the designated authority. Auditing account creation and modification along with an automatic notification to appropriate individuals will provide the necessary reconciliation that account management procedures are being followed.

Description

Account management and distribution is vital to the security of any network element. Account management by a designated authority ensures access to network elements is being controlled in a secured manner by granting access to only authorized personnel with the appropriate and necessary privileges. Without a formal approval process for the deployment and modification of accounts, personnel without the proper security clearance may gain access to critical network nodes. It is imperative that all personnel who are granted accounts have completed and submitted the proper request forms and have been approved by the designated authority. Auditing account creation and modification along with an automatic notification to appropriate individuals will provide the necessary reconciliation that account management procedures are being followed.

STIG	Date
Network Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None