UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Unauthorized accounts must not be configured for access to the network device.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3058 NET0470 SV-3058r5_rule ECSC-1 IAAC-1 Medium
Description
A malicious user attempting to gain access to the network device may compromise an account that may be unauthorized for use. The unauthorized account may be a temporary or inactive account that is no longer needed to access the device. Denial of Service, interception of sensitive information, or other destructive actions could potentially take place if an unauthorized account is configured to access the network device.
STIG Date
Perimeter L3 Switch Security Technical Implementation Guide 2015-12-18

Details

Check Text ( C-3505r5_chk )
Review the organization's responsibilities list and reconcile the list of authorized accounts with those accounts defined for access to the network device.

If an unauthorized account is configured for access to the device, this is a finding.
Fix Text (F-3083r5_fix)
Remove any account configured for access to the network device that is not defined in the organization's responsibilities list.