Free DISA STIG and SRG Library | Vaulted
  1. Security Guide Library
  2. Infrastructure L3 Switch Security Technical Implementation Guide
  3. V-3058

V-3058

Unauthorized accounts must not be configured for access to the network device.

Finding ID
NET0470
Rule ID
SV-3058r5_rule
Severity
Cat II
CCE
(None)
Group Title
Unauthorized accounts are configured to access device.
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

A malicious user attempting to gain access to the network device may compromise an account that may be unauthorized for use. The unauthorized account may be a temporary or inactive account that is no longer needed to access the device. Denial of Service, interception of sensitive information, or other destructive actions could potentially take place if an unauthorized account is configured to access the network device.

Fix Text

Remove any account configured for access to the network device that is not defined in the organization's responsibilities list.

Check Content

Review the organization's responsibilities list and reconcile the list of authorized accounts with those accounts defined for access to the network device. If an unauthorized account is configured for access to the device, this is a finding.

Responsibility

Information Assurance Officer

Vaulted is more than a library.

SIGN UP FOR FREE