STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.

DISA Rule

SV-202051r395859_rule

Vulnerability Number

V-202051

Group Title

SRG-APP-000148

Rule Version

SRG-APP-000148-NDM-000346

Severity

CAT II

CCI(s)

• CCI-001358 - The organization establishes privileged user accounts in accordance with a role-based access scheme that organizes allowed information system access and privileges into roles.
• CCI-002111 - The organization identifies and selects the organization-defined information system account types of information system accounts which support organizational missions/business functions.

Weight

10

Fix Recommendation

Configure the device to only allow one local account for use as the account of last resort.

Check Contents

Review the network device configuration to determine if an account of last resort is configured. Verify default admin and other vendor-provided accounts are disabled, removed, or renamed where possible. Verify the username and password for the account of last resort is contained within a sealed envelope and kept in a safe.

If one local account does not exist for use as the account of last resort, this is a finding.

Vulnerability Number

V-202051

Documentable

False

Rule Version

SRG-APP-000148-NDM-000346

Severity Override Guidance

Review the network device configuration to determine if an account of last resort is configured. Verify default admin and other vendor-provided accounts are disabled, removed, or renamed where possible. Verify the username and password for the account of last resort is contained within a sealed envelope and kept in a safe.

If one local account does not exist for use as the account of last resort, this is a finding.

Check Content Reference

M

Target Key

2890

Comments