UCF STIG Viewer Logo

The network device must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.


Finding ID Version Rule ID IA Controls Severity
V-243139 WLAN-ND-000600 SV-243139r719872_rule Medium
To ensure individual accountability and prevent unauthorized access, administrators must be individually identified and authenticated. Individual accountability mandates that each administrator is uniquely identified. A group authenticator is a shared account or some other form of authentication that allows multiple unique individuals to access the network device using a single account. If a device allows or provides for group authenticators, it must individually authenticate administrators prior to implementing group authenticator functionality. Some devices may not have the need to provide a group authenticator; this is considered a matter of device design. Where the device design includes the use of a group authenticator, this requirement will apply. This requirement applies to accounts created and managed on or by the network device.
Network WLAN AP-IG Management Security Technical Implementation Guide 2021-04-16


Check Text ( C-46414r719870_chk )
Review the network device configuration and validate that users are authenticated before they are assigned privileges based on the role or group the account is assigned to.

If a user can gain access to network device privileges before they are authenticated, this is a finding.
Fix Text (F-46371r719871_fix)
Configure the network device to authenticate users before assigning privileges to each individual user account based on the role or group the account is assigned to.