The network device must generate alerts that can be forwarded to the administrators and IAO when accounts are removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-55193 | SRG-APP-000294-NDM-000278 | SV-69439r1_rule | Medium |
| Description |
|---|
| When application accounts are removed, administrator accessibility is affected. Accounts are utilized for identifying individual device administrators or for identifying the device processes themselves. In order to detect and respond to events that affect administrator accessibility and device processing, devices must audit account removal actions and, as required, notify the appropriate individuals so they can investigate the event. Such a capability greatly reduces the risk that device accessibility will be negatively affected for extended periods of time and also provides logging that can be used for forensic purposes. |
| STIG | Date |
|---|---|
| Network Device Management Security Requirements Guide | 2017-07-07 |
Details
| Check Text ( C-55813r1_chk ) |
|---|
| Determine if the network device generates alerts that can be forwarded to the administrators and IAO when accounts are removed. This requirement may be verified by demonstration or configuration review. If the network device is configured to use an authentication server which would perform this function, this is not a finding. If alerts are not generated when accounts are removed and forwarded to the administrators and IAO, this is a finding. |
| Fix Text (F-60057r1_fix) |
|---|
| Configure the network device or its associated authentication server to send a notification message to the administrators and IAO when accounts are removed. |