The network device must generate alerts that can be forwarded to the administrators and IAO when accounts are disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-55189 | SRG-APP-000293-NDM-000277 | SV-69435r1_rule | Medium |
| Description |
|---|
| When application accounts are disabled, administrator accessibility is affected. Accounts are utilized for identifying individual device administrators or for identifying the device processes themselves. In order to detect and respond to events that affect administrator accessibility and device processing, devices must audit account disabling actions and, as required, notify the appropriate individuals so they can investigate the event. Such a capability greatly reduces the risk that device accessibility will be negatively affected for extended periods of time and also provides logging that can be used for forensic purposes. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2017-07-07 |
Details
| Check Text ( C-55811r1_chk ) |
|---|
| Determine if the network device generates alerts that can be forwarded to the administrators and IAO when accounts are disabled. This requirement may be verified by demonstration or configuration review. If the network device is configured to use an authentication server which would perform this function, this is not a finding. If alerts are not generated when accounts are disabled and forwarded to the administrators and IAO, this is a finding. |
| Fix Text (F-60055r1_fix) |
|---|
| Configure the network device or its associated authentication server to send a notification message to the administrators and IAO when accounts are disabled. |