Applications must provide automated mechanisms for supporting user account management. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35130	SRG-APP-000023-MAPP-NA	SV-46417r1_rule		Medium

Description
A comprehensive application account management process that includes automation helps to ensure that accounts designated as requiring attention are consistently and promptly addressed. Examples include, but are not limited to, using automation to take action on multiple accounts designated as inactive, suspended, or terminated or by disabling accounts located in non-centralized account stores, such as multiple servers. Enterprise environments make application user account management challenging and complex. A user management process requiring administrators to manually address account management functions adds risk of potential oversight. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organizations automated account management requirements. Rationale for non-applicability: This SRG applies to single-user applications. Single-user applications do not require user account management. If the mobile application supports multiple user accounts, then it must be evaluated against the full Core Application SRG.

Description

A comprehensive application account management process that includes automation helps to ensure that accounts designated as requiring attention are consistently and promptly addressed. Examples include, but are not limited to, using automation to take action on multiple accounts designated as inactive, suspended, or terminated or by disabling accounts located in non-centralized account stores, such as multiple servers. Enterprise environments make application user account management challenging and complex. A user management process requiring administrators to manually address account management functions adds risk of potential oversight. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organizations automated account management requirements. Rationale for non-applicability: This SRG applies to single-user applications. Single-user applications do not require user account management. If the mobile application supports multiple user accounts, then it must be evaluated against the full Core Application SRG.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-43518r2_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-39682r2_fix)
The requirement is NA. No fix is required.