The operating system must automatically audit account disabling actions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-28909	SRG-OS-000240	SV-36900r1_rule		Medium

Description
When accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying processes themselves. In order to detect and respond to events affecting user accessibility and operating system processing, the operating system must audit account disabling actions and, as required, notify as required the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes.

Description

When accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying processes themselves. In order to detect and respond to events affecting user accessibility and operating system processing, the operating system must audit account disabling actions and, as required, notify as required the appropriate individuals, so they can investigate the event. Such a capability greatly reduces the risk that accessibility will be negatively affected for extended periods of time and provides logging that can be used for forensic purposes.

STIG	Date
Operating System Security Requirements Guide	2013-03-28

Details

Check Text ( None )
None

Fix Text (None)
None