Free DISA STIG and SRG Library | Vaulted

V-80823

AAA Services must be configured to prevent automatically removing emergency accounts.

Finding ID
SRG-APP-000234-AAA-000060
Rule ID
SV-95533r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000234-AAA-000060
CCI
CCI-001682
Target Key
(None)
Documentable
No
Discussion

Emergency accounts are administrator accounts that are established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activation may bypass normal account authorization processes. If these accounts are automatically disabled, system maintenance during emergencies may not be possible, thus adversely affecting system availability. Emergency accounts are different from infrequently used accounts (i.e., local logon accounts used by system administrators when network or normal logon/access is not available). Infrequently used accounts also remain available and are not subject to automatic termination dates. However, an emergency account is normally a different account that is created for use by vendors or system maintainers, that is removed once the crisis has passed. When AAA Services do not perform account management, the connected Active Directory must provide this setting

Fix Text

Configure AAA Services to not automatically remove emergency accounts. Emergency accounts must not have automatic termination set.

Check Content

If AAA Services rely on directory services for user account management, this is not applicable and the connected directory services must perform this function. Verify AAA Services are configured to not automatically remove emergency accounts. Emergency accounts must not have automatic termination set. If AAA Services are configured to automatically remove emergency accounts, this is a finding.