The emergency account must be set to an appropriate authorization level to perform necessary administrative functions when the authentication server is not online.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15434 | NET0441 | SV-16261r4_rule | ECSC-1 | High |
| Description |
|---|
| The emergency account is to be configured as a local account on the network devices. It is to be used only when the authentication server is offline or not reachable via the network. The emergency account must be set to an appropriate authorization level to perform necessary administrative functions during this time. |
| STIG | Date |
|---|---|
| Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2015-04-06 |
Details
| Check Text ( C-14441r5_chk ) |
|---|
| Review the emergency account configured on the network devices and verify that it has been assigned to a privilege level that will enable the administrator to perform necessary administrative functions when the authentication server is not online. If the emergency account is configured for more access than needed to troubleshoot issues, this is a finding. |
| Fix Text (F-15098r6_fix) |
|---|
| Assign a privilege level to the emergency account to allow the administrator to perform necessary administrative functions when the authentication server is not online. |